{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 2.358
      },
      {
        "name": "AnalysisInfo",
        "time": 0.009
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.746
      },
      {
        "name": "Debug",
        "time": 0.001
      },
      {
        "name": "NetworkAnalysis",
        "time": 0.028
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_func",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "antisandbox_mouse_hook",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "hardware_id_profiling",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "firefox_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "amsi_enumeration",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "suspicious_ntdll_disk_load",
        "time": 0.0
      },
      {
        "name": "direct_syscall_evasion",
        "time": 0.0
      },
      {
        "name": "unbacked_syscall_execution",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "privilege_elevation_check",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "query_fips_reconnaissance",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "debugs_self",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_spdy",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "dllload_suspicious_directory",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "install_kernel_driver_service",
        "time": 0.0
      },
      {
        "name": "malformed_dll_loading",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "registers_vectored_exception_handler",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "infostealer_keylog",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_module_stomping_probing",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "section_mapping_injection",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "apc_injection",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_mutex",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_named_pipe",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_shared_memory",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "unbacked_exception_filter",
        "time": 0.0
      },
      {
        "name": "unbacked_process_mitigation_alteration",
        "time": 0.0
      },
      {
        "name": "thread_unbacked_memory",
        "time": 0.0
      },
      {
        "name": "unbacked_api_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_dotnet_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_library_load",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_apc_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_protection_alteration",
        "time": 0.0
      },
      {
        "name": "unbacked_mutex_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_process_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_veh_registration",
        "time": 0.0
      },
      {
        "name": "unbacked_com_instantiation",
        "time": 0.0
      },
      {
        "name": "unbacked_crypto_operations",
        "time": 0.0
      },
      {
        "name": "unbacked_delay_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_file_dropping",
        "time": 0.0
      },
      {
        "name": "unbacked_process_enumeration",
        "time": 0.0
      },
      {
        "name": "unbacked_registry_modification",
        "time": 0.0
      },
      {
        "name": "unbacked_service_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_token_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_wmi_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_bind_shell",
        "time": 0.0
      },
      {
        "name": "unbacked_dns_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_network_connection",
        "time": 0.0
      },
      {
        "name": "unbacked_named_pipe_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_useragent_retrieval",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "etherhiding_smart_contract_call",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "decompress_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "ransomware_iocp_asynchronous_encryption",
        "time": 0.0
      },
      {
        "name": "kernel_crypto_driver_abuse",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_extension_hijack",
        "time": 0.0
      },
      {
        "name": "mass_file_modification_access",
        "time": 0.0
      },
      {
        "name": "ransomware_attribute_stripping",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "mass_ransom_note_drop",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_system_procname",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "byod_loldrivers_match",
        "time": 0.0
      },
      {
        "name": "byod_novel_driver",
        "time": 0.0
      },
      {
        "name": "byod_post_load_exploitation",
        "time": 0.0
      },
      {
        "name": "byod_driver_service_install",
        "time": 0.0
      },
      {
        "name": "com_spawned_process",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.0
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.002
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.0
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.001
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "pe_deep_entrypoint",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "pe_cert_invalid_signature",
        "time": 0.0
      },
      {
        "name": "pe_cert_self_signed",
        "time": 0.0
      },
      {
        "name": "pe_cert_suspicious_issuer",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "sigma_events",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "browser_credential_theft_headless",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.002
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.0
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.002
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.257
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.004
      },
      {
        "name": "antiav_detectreg",
        "time": 1.238
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.001
      },
      {
        "name": "antiemu_windefend",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.023
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.02
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.049
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.023
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.069
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.001
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.001
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.138
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.001
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.093
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.045
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.068
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.01
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "executes_headless_browser",
        "time": 0.0
      },
      {
        "name": "suspicious_browser_arguments",
        "time": 0.001
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.023
      },
      {
        "name": "checks_uac_status",
        "time": 0.003
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.0
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.004
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.002
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "folder_enumeration",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.003
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.003
      },
      {
        "name": "infostealer_ftp",
        "time": 0.418
      },
      {
        "name": "infostealer_im",
        "time": 0.235
      },
      {
        "name": "infostealer_mail",
        "time": 0.068
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.004
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.001
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.001
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.001
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.005
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.004
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.002
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.003
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.004
      },
      {
        "name": "ransomware_files",
        "time": 0.006
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.015
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.001
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.001
      },
      {
        "name": "tampers_etw",
        "time": 0.001
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.434
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.004
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.004
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "0001.jpg",
      "path": "/opt/CAPEv2/storage/binaries/39d6156aa04b687e55b7fde9df2abfc31d880b91863320f04d518b111b08d321",
      "guest_paths": "",
      "size": 84157,
      "crc32": "E25D7393",
      "md5": "55c6aa947b95384cf2be1fa2813ce1fd",
      "sha1": "0ac6d75345699773cdd6743dc659aeb74263bcd7",
      "sha256": "39d6156aa04b687e55b7fde9df2abfc31d880b91863320f04d518b111b08d321",
      "sha512": "22476aca9d6e20ab33315fc06e3430fdb1330d62605c546db0def20f7632248b42dbeb49ce0524082e97838a21e61e42fc12cf9431f6a636b41e74f1d4ded253",
      "rh_hash": null,
      "ssdeep": "1536:Lq3NrbRa8Gm62Ef/K+IvNEeR1tFS+NtfvNC1P3dg1YRoSZtOoF8sgZ:CGmynVIvNEQndN5va3ObCOoeJZ",
      "type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x768, components 3",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T1CC83123F5A0AA992A3F90F9008CDD54D404AB985A24E70C9D3EBFFF5A150E7A7911385",
      "sha3_384": "0b7e0a113fb2c5df46a8a676a65d399d67160e3a6bd94255c2d79a9e944509229259dcc5cc38cf915658a6ef8e84da30",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "data": null,
      "strings": [
        "&-&iy",
        "-'H^Q",
        "gU8uD",
        "^!rlU9jz-",
        "piuV2u",
        "Yj2([",
        "ubO@?*",
        "Aomck=",
        "TBmhSDv",
        "U8_AX",
        "O(m'vq",
        "b09 ~4",
        "0E{nj",
        "%[HJ/,z",
        "9oaRH",
        "JUW<y",
        "B9'=x",
        "yj0A,",
        "^G%qY",
        "k)nn[w",
        "xdi#A ",
        "kd|C1S\"",
        "F>k|cb",
        "Y7}C`",
        "j5#EE;;",
        "vV+Cv",
        "V lX[",
        "[{-6[",
        "$s<V>R",
        "J3L.(4f",
        "sX)Dr",
        "!i4And",
        "WQ\\L$",
        "3[5SS",
        "HN($k",
        "5t(nm[",
        "C>*&~j",
        "HE_{P:Uw",
        "8@9cZ",
        "?9,Ja",
        "9RG*}",
        "/|I}{yqpm!7",
        "xoKo[8",
        "%,ZK?",
        "Gq4G(",
        "J)qE1",
        "cSH`I",
        ")';On",
        "P!))M",
        "6N02x",
        "BCy<Q",
        "P!1E/",
        "7P{DI",
        "53v:Sa",
        "U_>Lm",
        "\\QE-0",
        "'AHkS",
        "u&g%J",
        "o2_'f",
        "\\~isL",
        "Os;_Y",
        "bO;sV",
        "ynNpI",
        "qy33JG",
        "smiyh",
        "HE%!9",
        "Z2NM7",
        "&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz",
        "p4j?~",
        "JQ]S<l",
        "Zis8e",
        "`B#bZBF",
        "c'N*)ha<<f",
        "fl1E.)",
        "LbQKE",
        "4s;X.;4f",
        "3H.;4",
        "J_2SY2",
        "vss1f",
        ",N9<z",
        "wc|\"<",
        "u-n1w",
        "Y-CZl",
        "5Hz.*P1M",
        "47d&P",
        "T<4FQ",
        "Jmmk;",
        "ZJwjv",
        "Fi,}_",
        "t.isL",
        "kJu:14;N",
        "A$8ER",
        "E=QPaT(",
        "KiR-Z",
        "M`Ie2Hw",
        "mm3(I",
        "?mX').",
        "y6<#|",
        "OJtQn=*",
        "H]XS2",
        "Beqgn",
        "7S3Fk",
        "Bm#lQ\\",
        "3*!f`",
        "K+i=}",
        "3Z^<lx",
        "=Q1KK",
        "_UxCC",
        "p=k2I",
        "RO-P3",
        "RdRQ@",
        "~4~4~",
        " rv9 ",
        "a%ebG\"+UOju",
        "jWfi?pd;7",
        "veI]jIc.",
        "$gh=>RI'",
        "NMnYh",
        "NHKc4",
        "kqlB#",
        "&-sM$",
        "}i{)/",
        "N-l5.",
        "KvzTp",
        "'x.'>rc1",
        "XTSI#XR",
        "0mByu",
        "\\QKHBb",
        "PF_vX",
        "u*w(>",
        "be7c*",
        "kyIEX",
        ")zmmm",
        "l1M$N",
        "ZZZGl",
        "KH.)=",
        "Ejg%sj",
        "mY`>Y",
        "r'g TfJ",
        ".i3IK",
        "_28U_",
        ".+-Y4t",
        "Z)3Fh",
        "FS~MF",
        "QCB-q-",
        "<Si{S",
        "RB  g",
        "GNjX\"[",
        "SikhH",
        ",pHbx",
        "2m@I'",
        "moc<l-",
        ",GJ|wL",
        "tF@^m",
        "R;Up*",
        "\\678lq",
        "M\\4Wf2",
        "<l5ia",
        "wTSz!!URfn",
        "n>bkF",
        "Ouyww",
        "VTjqEj",
        "WoBX+aN7mlgi",
        "Wo<!nW",
        "k+}kuo",
        "#I#uf95V",
        "/-[t72",
        ")3\\W>Q",
        "[pJ.a",
        "O^~VE",
        "mFO614S",
        "Yn\"0s",
        "uXg*N8",
        ",agVd",
        "4IcpT",
        "Tlhb#cQ",
        "U{_K_m",
        "8Z<_/",
        "ii3Fh",
        ",2Wd89",
        "=EkNV2",
        "=))11",
        "cL6}J",
        "'9=82<.342",
        "_i%VPy",
        "i$:\\n",
        "TsIt!",
        "ItR3 y",
        "C${e1}",
        "vjw(#",
        "FsIm'",
        "wKHav",
        "~J+S:",
        "eUL7Q",
        ",2sV'}",
        "4F7`w",
        "%N9=3Z]J",
        "\\-,5eZ*",
        "j.]nr",
        "S!y!a",
        "E],v&I",
        "J)qE0",
        "iY/#X",
        "]950}R",
        "YkCG;/TV<",
        ",{}+*",
        "LW1ZF#",
        "Q\\sw2aE",
        ".i3IHc",
        "HS/pT",
        "}sY:_",
        "+}n}R",
        "}kM;u",
        "J)M%QbQKI",
        "G!ys&4",
        "B~Y^ERr8",
        "(Rq$*#A",
        "P!iGJAJx",
        ":TR&j#&",
        "O`+N[",
        "ZJZZ.",
        "&PB3s",
        "kvxLm",
        "I\"GFE",
        "X>\"'h\\",
        "<S3Fi",
        "(>Y+3d",
        "cm%U$",
        "'5i^`",
        "7T5*o",
        "q\\visL",
        ".Mf-3N",
        "e&O3;G",
        "Uo.XP(\\",
        "w[MB)",
        "*_]$V",
        "}+<MI",
        "+\"?U?",
        "Ri)11)(4",
        "6zV)1\\",
        "cL/5X",
        "J}tGc",
        "11oe2",
        "{smjF",
        "W.qm&2Nx",
        "ZE:Hum9",
        "\\QE{G",
        "},5|#;",
        "a^EIsI",
        "@{mpG",
        "t*3\"w",
        "EhBW*[",
        "}mf-c",
        "1Uu,;",
        "{~zsZ",
        "KkM'O",
        ".nnd2",
        "YrCq1",
        "!Y$P2",
        "63[I&",
        "q+Awk8",
        "|mw1 i0",
        "r4QEs",
        "wwmwy7",
        "/LfQm",
        "a~b}iN",
        "qmcu$",
        "mR;[K",
        "Elz9e",
        ")Altt",
        "Z)3Fi",
        "u$0=A",
        "A#1M+R",
        "[YiG#f",
        "r[[[kvk",
        "[H|_n",
        "XaIKE",
        "Eii$*",
        "2+I!f",
        "Ekg+\"",
        "F5+Ur",
        "^X33E",
        "\\visL",
        "wjW3l",
        "F9ZA:",
        ",-.i(",
        "R]CTN",
        "5k)n\\",
        "!22222222222222222222222222222222222222222222222222",
        "=pEkN",
        "lZ3IHh ",
        "rN=k;O",
        "Z3E%!",
        "DGpql",
        "bUJi_T|",
        "p5B0a",
        "/ncs3< (",
        "&*\\SH",
        "3HAFi3Fh",
        "}jI#*",
        "O#-:Y",
        "tkYi\"",
        "ZJ,!(",
        "Ae&>S",
        ") oB+",
        "uqq$)",
        "QFi)\\.-%!",
        "z$-%-",
        "Y]\\[ZX",
        "SsFs@\\vh",
        "5*{9w",
        "AK_Cc",
        "4~4Rf",
        "k4Yj)< Xi",
        "-5;{K",
        "aIKIH",
        "#i#H\"Y7",
        "dn)1N",
        " $.' \",#",
        "'3!UeF`",
        "HB(e*UAS",
        "Mhajb",
        ",851}",
        "e:jVqEn.",
        "vJvwG'",
        "g=4*3",
        "P{sW$",
        "fq-[6^bn^j",
        "H~L`n",
        "9&f=j",
        "LFkN-",
        "HRAE&h",
        "Jfi3E",
        "H)i+U#E ",
        "CKMfTR",
        "'<Oku{",
        "e%frZ",
        "$O1pT",
        "-nPe&",
        "i;IIu",
        "(*0rz",
        "wkiVH|)",
        "A8<W{",
        "nAtRe",
        "EJ2kFU",
        "Nkz={L",
        "sE%.i",
        "h2lQW,T5",
        "q`ppp:r",
        "~4~4sG4Xf",
        "(mn!v]Z",
        "Fb[g6",
        "X3xcL",
        "q,/4k ",
        "~'a|9",
        "q_FxV",
        "Y70QSNv",
        "uk}KY",
        "$@ $u",
        "iqXKb",
        "(7),01444",
        "0\\.T.[",
        "pw+c#",
        "KKXlm",
        "5])s$",
        "N6~^Z",
        "cu#K*",
        "qe88<",
        "N2,o$",
        "xR=#U11",
        "d :HLx",
        "cTHQc",
        "%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz",
        "zT7Oq",
        "0*/aT",
        "qus{<-i",
        "=zVmn",
        "j6jV5",
        "1KGjv",
        "\\SHM!>",
        "k{[O4HHv9",
        "E.)1E",
        "RyVY'PD",
        "\\.Gwk",
        "h#{Y$d",
        "!+L<PA",
        "5%Amw",
        ")i3Fi",
        ")BvMm",
        "uRQVL",
        "8;QpN",
        "3I#9'",
        "@NHRq",
        "*I[sZ",
        "))i3@",
        "<LZ{jZ5z",
        "o#>DLFvp",
        "W~lc=}+",
        "VU@Hlc#",
        "khSoV4",
        "{QE-;",
        "\\yjAQ",
        "8Gl5/",
        "Tol;T",
        "odLWS>",
        "'V<MnB",
        "_Qc;Z",
        "lSPBv"
      ],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "procdump": [
    {
      "name": "6fdb66c7cc6af48318ac063e472999e4271db238038017883c923ca46ee35795",
      "path": "/opt/CAPEv2/storage/analyses/101/procdump/6fdb66c7cc6af48318ac063e472999e4271db238038017883c923ca46ee35795",
      "guest_paths": "1;?C:\\Windows\\System32\\cmd.exe;?C:\\Windows\\System32\\cmd.exe;?",
      "size": 401920,
      "crc32": "0932AAC1",
      "md5": "b394ea75cb0df6d5241ad4e20748c3b4",
      "sha1": "3489880e09ad7b8be3bf455e29d4d0b485a993c6",
      "sha256": "6fdb66c7cc6af48318ac063e472999e4271db238038017883c923ca46ee35795",
      "sha512": "b722782226e06ad1effa56acf0a967b1c1df8963fd968147537f9ae3b649a14bc65b9c1be15c62043cfd1e34d4a1dab84db54b7d52c130dde938ecbf76f44f36",
      "rh_hash": null,
      "ssdeep": "6144:d4WA1B7BxDfQWKORSqY4zOcmpdlc3MJdmtnl4m:U1BvkWvSqY4zvmjO8JIs",
      "type": "PE32+ executable (console) x86-64, for MS Windows",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T1B884391D239818A5E5238179D903C276C6B27D346321A6EF22D0CD7B7F63AE97638B05",
      "sha3_384": "1a11e8f19600179fc02fc4f189b3ae86cd080430e92e688eef4e395fe54dc9978f73f85e18c2aa1889a58e1323137495",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "File not found: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\101\\0001.jpg",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x7ff79a450000",
        "entrypoint": "0x00018f50",
        "ep_bytes": "4883ec28e82b0600004883c428e91efe",
        "peid_signatures": null,
        "reported_checksum": "0x0004d4af",
        "actual_checksum": "0x0006ef9a",
        "osversion": "10.0",
        "machine_type": "IMAGE_FILE_MACHINE_AMD64",
        "pdbpath": "cmd.pdb",
        "imports": {
          "msvcrt": {
            "dll": "msvcrt.dll",
            "imports": [
              {
                "address": "0x7ff79a483af8",
                "name": "_setmode"
              },
              {
                "address": "0x7ff79a483b00",
                "name": "exit"
              },
              {
                "address": "0x7ff79a483b08",
                "name": "iswxdigit"
              },
              {
                "address": "0x7ff79a483b10",
                "name": "time"
              },
              {
                "address": "0x7ff79a483b18",
                "name": "srand"
              },
              {
                "address": "0x7ff79a483b20",
                "name": "_wtol"
              },
              {
                "address": "0x7ff79a483b28",
                "name": "fflush"
              },
              {
                "address": "0x7ff79a483b30",
                "name": "wcsstr"
              },
              {
                "address": "0x7ff79a483b38",
                "name": "iswalpha"
              },
              {
                "address": "0x7ff79a483b40",
                "name": "wcstoul"
              },
              {
                "address": "0x7ff79a483b48",
                "name": "_errno"
              },
              {
                "address": "0x7ff79a483b50",
                "name": "printf"
              },
              {
                "address": "0x7ff79a483b58",
                "name": "rand"
              },
              {
                "address": "0x7ff79a483b60",
                "name": "fprintf"
              },
              {
                "address": "0x7ff79a483b68",
                "name": "wcsncmp"
              },
              {
                "address": "0x7ff79a483b70",
                "name": "_pipe"
              },
              {
                "address": "0x7ff79a483b78",
                "name": "_commode"
              },
              {
                "address": "0x7ff79a483b80",
                "name": "_lock"
              },
              {
                "address": "0x7ff79a483b88",
                "name": "wcsrchr"
              },
              {
                "address": "0x7ff79a483b90",
                "name": "realloc"
              },
              {
                "address": "0x7ff79a483b98",
                "name": "towlower"
              },
              {
                "address": "0x7ff79a483ba0",
                "name": "_initterm"
              },
              {
                "address": "0x7ff79a483ba8",
                "name": "__setusermatherr"
              },
              {
                "address": "0x7ff79a483bb0",
                "name": "setlocale"
              },
              {
                "address": "0x7ff79a483bb8",
                "name": "_wcsupr"
              },
              {
                "address": "0x7ff79a483bc0",
                "name": "iswdigit"
              },
              {
                "address": "0x7ff79a483bc8",
                "name": "_ultoa"
              },
              {
                "address": "0x7ff79a483bd0",
                "name": "_cexit"
              },
              {
                "address": "0x7ff79a483bd8",
                "name": "_unlock"
              },
              {
                "address": "0x7ff79a483be0",
                "name": "_exit"
              },
              {
                "address": "0x7ff79a483be8",
                "name": "__dllonexit"
              },
              {
                "address": "0x7ff79a483bf0",
                "name": "_wcsicmp"
              },
              {
                "address": "0x7ff79a483bf8",
                "name": "iswspace"
              },
              {
                "address": "0x7ff79a483c00",
                "name": "wcschr"
              },
              {
                "address": "0x7ff79a483c08",
                "name": "fgets"
              },
              {
                "address": "0x7ff79a483c10",
                "name": "??_V@YAXPEAX@Z"
              },
              {
                "address": "0x7ff79a483c18",
                "name": "_pclose"
              },
              {
                "address": "0x7ff79a483c20",
                "name": "ferror"
              },
              {
                "address": "0x7ff79a483c28",
                "name": "_onexit"
              },
              {
                "address": "0x7ff79a483c30",
                "name": "__CxxFrameHandler3"
              },
              {
                "address": "0x7ff79a483c38",
                "name": "_open_osfhandle"
              },
              {
                "address": "0x7ff79a483c40",
                "name": "_close"
              },
              {
                "address": "0x7ff79a483c48",
                "name": "feof"
              },
              {
                "address": "0x7ff79a483c50",
                "name": "_dup"
              },
              {
                "address": "0x7ff79a483c58",
                "name": "_wpopen"
              },
              {
                "address": "0x7ff79a483c60",
                "name": "_wcsnicmp"
              },
              {
                "address": "0x7ff79a483c68",
                "name": "?terminate@@YAXXZ"
              },
              {
                "address": "0x7ff79a483c70",
                "name": "memset"
              },
              {
                "address": "0x7ff79a483c78",
                "name": "wcstol"
              },
              {
                "address": "0x7ff79a483c80",
                "name": "_get_osfhandle"
              },
              {
                "address": "0x7ff79a483c88",
                "name": "_dup2"
              },
              {
                "address": "0x7ff79a483c90",
                "name": "_getch"
              },
              {
                "address": "0x7ff79a483c98",
                "name": "towupper"
              },
              {
                "address": "0x7ff79a483ca0",
                "name": "memcmp"
              },
              {
                "address": "0x7ff79a483ca8",
                "name": "_setjmp"
              },
              {
                "address": "0x7ff79a483cb0",
                "name": "wcsspn"
              },
              {
                "address": "0x7ff79a483cb8",
                "name": "_fmode"
              },
              {
                "address": "0x7ff79a483cc0",
                "name": "qsort"
              },
              {
                "address": "0x7ff79a483cc8",
                "name": "__set_app_type"
              },
              {
                "address": "0x7ff79a483cd0",
                "name": "_tell"
              },
              {
                "address": "0x7ff79a483cd8",
                "name": "_wcslwr"
              },
              {
                "address": "0x7ff79a483ce0",
                "name": "longjmp"
              },
              {
                "address": "0x7ff79a483ce8",
                "name": "_local_unwind"
              },
              {
                "address": "0x7ff79a483cf0",
                "name": "_purecall"
              },
              {
                "address": "0x7ff79a483cf8",
                "name": "__C_specific_handler"
              },
              {
                "address": "0x7ff79a483d00",
                "name": "??3@YAXPEAX@Z"
              },
              {
                "address": "0x7ff79a483d08",
                "name": "memcpy_s"
              },
              {
                "address": "0x7ff79a483d10",
                "name": "free"
              },
              {
                "address": "0x7ff79a483d18",
                "name": "calloc"
              },
              {
                "address": "0x7ff79a483d20",
                "name": "__getmainargs"
              },
              {
                "address": "0x7ff79a483d28",
                "name": "_XcptFilter"
              },
              {
                "address": "0x7ff79a483d30",
                "name": "_amsg_exit"
              },
              {
                "address": "0x7ff79a483d38",
                "name": "??1type_info@@UEAA@XZ"
              },
              {
                "address": "0x7ff79a483d40",
                "name": "memmove"
              },
              {
                "address": "0x7ff79a483d48",
                "name": "memcpy"
              },
              {
                "address": "0x7ff79a483d50",
                "name": "_CxxThrowException"
              },
              {
                "address": "0x7ff79a483d58",
                "name": "_vsnwprintf"
              },
              {
                "address": "0x7ff79a483d60",
                "name": "swscanf"
              },
              {
                "address": "0x7ff79a483d68",
                "name": "__iob_func"
              },
              {
                "address": "0x7ff79a483d70",
                "name": "malloc"
              },
              {
                "address": "0x7ff79a483d78",
                "name": "_callnewh"
              },
              {
                "address": "0x7ff79a483d80",
                "name": "??0exception@@QEAA@AEBQEBD@Z"
              },
              {
                "address": "0x7ff79a483d88",
                "name": "??0exception@@QEAA@AEBQEBDH@Z"
              },
              {
                "address": "0x7ff79a483d90",
                "name": "??0exception@@QEAA@AEBV0@@Z"
              },
              {
                "address": "0x7ff79a483d98",
                "name": "??1exception@@UEAA@XZ"
              },
              {
                "address": "0x7ff79a483da0",
                "name": "?what@exception@@UEBAPEBDXZ"
              },
              {
                "address": "0x7ff79a483da8",
                "name": "wcscmp"
              }
            ]
          },
          "ntdll": {
            "dll": "ntdll.dll",
            "imports": [
              {
                "address": "0x7ff79a483db8",
                "name": "RtlLookupFunctionEntry"
              },
              {
                "address": "0x7ff79a483dc0",
                "name": "RtlCaptureContext"
              },
              {
                "address": "0x7ff79a483dc8",
                "name": "NtOpenProcessToken"
              },
              {
                "address": "0x7ff79a483dd0",
                "name": "NtQueryInformationToken"
              },
              {
                "address": "0x7ff79a483dd8",
                "name": "NtClose"
              },
              {
                "address": "0x7ff79a483de0",
                "name": "NtOpenThreadToken"
              },
              {
                "address": "0x7ff79a483de8",
                "name": "RtlFreeHeap"
              },
              {
                "address": "0x7ff79a483df0",
                "name": "NtFsControlFile"
              },
              {
                "address": "0x7ff79a483df8",
                "name": "RtlDosPathNameToNtPathName_U"
              },
              {
                "address": "0x7ff79a483e00",
                "name": "RtlVirtualUnwind"
              },
              {
                "address": "0x7ff79a483e08",
                "name": "RtlFreeUnicodeString"
              },
              {
                "address": "0x7ff79a483e10",
                "name": "RtlReleaseRelativeName"
              },
              {
                "address": "0x7ff79a483e18",
                "name": "NtOpenFile"
              },
              {
                "address": "0x7ff79a483e20",
                "name": "RtlDosPathNameToRelativeNtPathName_U_WithStatus"
              },
              {
                "address": "0x7ff79a483e28",
                "name": "NtSetInformationFile"
              },
              {
                "address": "0x7ff79a483e30",
                "name": "NtQueryVolumeInformationFile"
              },
              {
                "address": "0x7ff79a483e38",
                "name": "NtSetInformationProcess"
              },
              {
                "address": "0x7ff79a483e40",
                "name": "NtQueryInformationProcess"
              },
              {
                "address": "0x7ff79a483e48",
                "name": "RtlNtStatusToDosError"
              },
              {
                "address": "0x7ff79a483e50",
                "name": "NtCancelSynchronousIoFile"
              },
              {
                "address": "0x7ff79a483e58",
                "name": "RtlCreateUnicodeStringFromAsciiz"
              },
              {
                "address": "0x7ff79a483e60",
                "name": "RtlFindLeastSignificantBit"
              }
            ]
          },
          "api-ms-win-core-kernel32-legacy-l1-1-0": {
            "dll": "api-ms-win-core-kernel32-legacy-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483788",
                "name": "CopyFileW"
              },
              {
                "address": "0x7ff79a483790",
                "name": "GetConsoleWindow"
              }
            ]
          },
          "api-ms-win-core-libraryloader-l1-2-0": {
            "dll": "api-ms-win-core-libraryloader-l1-2-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4837a0",
                "name": "GetModuleHandleW"
              },
              {
                "address": "0x7ff79a4837a8",
                "name": "GetModuleFileNameA"
              },
              {
                "address": "0x7ff79a4837b0",
                "name": "LoadLibraryExW"
              },
              {
                "address": "0x7ff79a4837b8",
                "name": "GetProcAddress"
              },
              {
                "address": "0x7ff79a4837c0",
                "name": "GetModuleFileNameW"
              },
              {
                "address": "0x7ff79a4837c8",
                "name": "GetModuleHandleExW"
              }
            ]
          },
          "api-ms-win-core-synch-l1-1-0": {
            "dll": "api-ms-win-core-synch-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4839c8",
                "name": "CreateSemaphoreExW"
              },
              {
                "address": "0x7ff79a4839d0",
                "name": "InitializeCriticalSection"
              },
              {
                "address": "0x7ff79a4839d8",
                "name": "WaitForSingleObject"
              },
              {
                "address": "0x7ff79a4839e0",
                "name": "ReleaseSemaphore"
              },
              {
                "address": "0x7ff79a4839e8",
                "name": "TryAcquireSRWLockExclusive"
              },
              {
                "address": "0x7ff79a4839f0",
                "name": "WaitForSingleObjectEx"
              },
              {
                "address": "0x7ff79a4839f8",
                "name": "ReleaseMutex"
              },
              {
                "address": "0x7ff79a483a00",
                "name": "ReleaseSRWLockShared"
              },
              {
                "address": "0x7ff79a483a08",
                "name": "AcquireSRWLockShared"
              },
              {
                "address": "0x7ff79a483a10",
                "name": "LeaveCriticalSection"
              },
              {
                "address": "0x7ff79a483a18",
                "name": "CreateMutexExW"
              },
              {
                "address": "0x7ff79a483a20",
                "name": "EnterCriticalSection"
              },
              {
                "address": "0x7ff79a483a28",
                "name": "ReleaseSRWLockExclusive"
              },
              {
                "address": "0x7ff79a483a30",
                "name": "OpenSemaphoreW"
              }
            ]
          },
          "api-ms-win-core-heap-l1-1-0": {
            "dll": "api-ms-win-core-heap-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483720",
                "name": "HeapFree"
              },
              {
                "address": "0x7ff79a483728",
                "name": "HeapAlloc"
              },
              {
                "address": "0x7ff79a483730",
                "name": "GetProcessHeap"
              },
              {
                "address": "0x7ff79a483738",
                "name": "HeapSetInformation"
              },
              {
                "address": "0x7ff79a483740",
                "name": "HeapReAlloc"
              },
              {
                "address": "0x7ff79a483748",
                "name": "HeapSize"
              }
            ]
          },
          "api-ms-win-core-errorhandling-l1-1-0": {
            "dll": "api-ms-win-core-errorhandling-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4835c8",
                "name": "SetLastError"
              },
              {
                "address": "0x7ff79a4835d0",
                "name": "UnhandledExceptionFilter"
              },
              {
                "address": "0x7ff79a4835d8",
                "name": "GetLastError"
              },
              {
                "address": "0x7ff79a4835e0",
                "name": "SetErrorMode"
              },
              {
                "address": "0x7ff79a4835e8",
                "name": "SetUnhandledExceptionFilter"
              }
            ]
          },
          "api-ms-win-core-processthreads-l1-1-0": {
            "dll": "api-ms-win-core-processthreads-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4838b0",
                "name": "InitializeProcThreadAttributeList"
              },
              {
                "address": "0x7ff79a4838b8",
                "name": "GetCurrentThreadId"
              },
              {
                "address": "0x7ff79a4838c0",
                "name": "UpdateProcThreadAttribute"
              },
              {
                "address": "0x7ff79a4838c8",
                "name": "DeleteProcThreadAttributeList"
              },
              {
                "address": "0x7ff79a4838d0",
                "name": "GetStartupInfoW"
              },
              {
                "address": "0x7ff79a4838d8",
                "name": "CreateProcessAsUserW"
              },
              {
                "address": "0x7ff79a4838e0",
                "name": "OpenThread"
              },
              {
                "address": "0x7ff79a4838e8",
                "name": "CreateProcessW"
              },
              {
                "address": "0x7ff79a4838f0",
                "name": "ResumeThread"
              },
              {
                "address": "0x7ff79a4838f8",
                "name": "TerminateProcess"
              },
              {
                "address": "0x7ff79a483900",
                "name": "GetExitCodeProcess"
              },
              {
                "address": "0x7ff79a483908",
                "name": "GetCurrentProcess"
              },
              {
                "address": "0x7ff79a483910",
                "name": "GetCurrentProcessId"
              }
            ]
          },
          "api-ms-win-core-localization-l1-2-0": {
            "dll": "api-ms-win-core-localization-l1-2-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4837d8",
                "name": "GetThreadLocale"
              },
              {
                "address": "0x7ff79a4837e0",
                "name": "SetThreadLocale"
              },
              {
                "address": "0x7ff79a4837e8",
                "name": "FormatMessageW"
              },
              {
                "address": "0x7ff79a4837f0",
                "name": "GetLocaleInfoW"
              },
              {
                "address": "0x7ff79a4837f8",
                "name": "GetCPInfo"
              },
              {
                "address": "0x7ff79a483800",
                "name": "GetACP"
              },
              {
                "address": "0x7ff79a483808",
                "name": "GetUserDefaultLCID"
              }
            ]
          },
          "api-ms-win-core-debug-l1-1-0": {
            "dll": "api-ms-win-core-debug-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483588",
                "name": "OutputDebugStringW"
              },
              {
                "address": "0x7ff79a483590",
                "name": "DebugBreak"
              },
              {
                "address": "0x7ff79a483598",
                "name": "IsDebuggerPresent"
              }
            ]
          },
          "api-ms-win-core-handle-l1-1-0": {
            "dll": "api-ms-win-core-handle-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483708",
                "name": "DuplicateHandle"
              },
              {
                "address": "0x7ff79a483710",
                "name": "CloseHandle"
              }
            ]
          },
          "api-ms-win-core-memory-l1-1-0": {
            "dll": "api-ms-win-core-memory-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483818",
                "name": "VirtualAlloc"
              },
              {
                "address": "0x7ff79a483820",
                "name": "VirtualQuery"
              },
              {
                "address": "0x7ff79a483828",
                "name": "VirtualFree"
              },
              {
                "address": "0x7ff79a483830",
                "name": "ReadProcessMemory"
              }
            ]
          },
          "api-ms-win-core-console-l1-1-0": {
            "dll": "api-ms-win-core-console-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4834e0",
                "name": "ReadConsoleW"
              },
              {
                "address": "0x7ff79a4834e8",
                "name": "SetConsoleCtrlHandler"
              },
              {
                "address": "0x7ff79a4834f0",
                "name": "SetConsoleMode"
              },
              {
                "address": "0x7ff79a4834f8",
                "name": "WriteConsoleW"
              },
              {
                "address": "0x7ff79a483500",
                "name": "GetConsoleMode"
              },
              {
                "address": "0x7ff79a483508",
                "name": "GetConsoleOutputCP"
              }
            ]
          },
          "api-ms-win-core-file-l1-1-0": {
            "dll": "api-ms-win-core-file-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4835f8",
                "name": "CreateFileW"
              },
              {
                "address": "0x7ff79a483600",
                "name": "FlushFileBuffers"
              },
              {
                "address": "0x7ff79a483608",
                "name": "GetFileAttributesExW"
              },
              {
                "address": "0x7ff79a483610",
                "name": "GetDriveTypeW"
              },
              {
                "address": "0x7ff79a483618",
                "name": "FindClose"
              },
              {
                "address": "0x7ff79a483620",
                "name": "FindNextFileW"
              },
              {
                "address": "0x7ff79a483628",
                "name": "CreateDirectoryW"
              },
              {
                "address": "0x7ff79a483630",
                "name": "GetVolumeInformationW"
              },
              {
                "address": "0x7ff79a483638",
                "name": "SetFileAttributesW"
              },
              {
                "address": "0x7ff79a483640",
                "name": "SetEndOfFile"
              },
              {
                "address": "0x7ff79a483648",
                "name": "SetFilePointerEx"
              },
              {
                "address": "0x7ff79a483650",
                "name": "WriteFile"
              },
              {
                "address": "0x7ff79a483658",
                "name": "DeleteFileW"
              },
              {
                "address": "0x7ff79a483660",
                "name": "SetFileTime"
              },
              {
                "address": "0x7ff79a483668",
                "name": "GetVolumePathNameW"
              },
              {
                "address": "0x7ff79a483670",
                "name": "SetFilePointer"
              },
              {
                "address": "0x7ff79a483678",
                "name": "ReadFile"
              },
              {
                "address": "0x7ff79a483680",
                "name": "GetFileAttributesW"
              },
              {
                "address": "0x7ff79a483688",
                "name": "GetFileType"
              },
              {
                "address": "0x7ff79a483690",
                "name": "RemoveDirectoryW"
              },
              {
                "address": "0x7ff79a483698",
                "name": "FindFirstFileExW"
              },
              {
                "address": "0x7ff79a4836a0",
                "name": "CompareFileTime"
              },
              {
                "address": "0x7ff79a4836a8",
                "name": "GetFullPathNameW"
              },
              {
                "address": "0x7ff79a4836b0",
                "name": "GetDiskFreeSpaceExW"
              },
              {
                "address": "0x7ff79a4836b8",
                "name": "FileTimeToLocalFileTime"
              },
              {
                "address": "0x7ff79a4836c0",
                "name": "GetFileSize"
              },
              {
                "address": "0x7ff79a4836c8",
                "name": "FindFirstFileW"
              }
            ]
          },
          "api-ms-win-core-string-l1-1-0": {
            "dll": "api-ms-win-core-string-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483998",
                "name": "WideCharToMultiByte"
              },
              {
                "address": "0x7ff79a4839a0",
                "name": "MultiByteToWideChar"
              }
            ]
          },
          "api-ms-win-core-processenvironment-l1-1-0": {
            "dll": "api-ms-win-core-processenvironment-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483840",
                "name": "GetCommandLineW"
              },
              {
                "address": "0x7ff79a483848",
                "name": "GetEnvironmentStringsW"
              },
              {
                "address": "0x7ff79a483850",
                "name": "ExpandEnvironmentStringsW"
              },
              {
                "address": "0x7ff79a483858",
                "name": "FreeEnvironmentStringsW"
              },
              {
                "address": "0x7ff79a483860",
                "name": "SetEnvironmentVariableW"
              },
              {
                "address": "0x7ff79a483868",
                "name": "SearchPathW"
              },
              {
                "address": "0x7ff79a483870",
                "name": "SetCurrentDirectoryW"
              },
              {
                "address": "0x7ff79a483878",
                "name": "GetCurrentDirectoryW"
              },
              {
                "address": "0x7ff79a483880",
                "name": "GetEnvironmentVariableW"
              },
              {
                "address": "0x7ff79a483888",
                "name": "SetEnvironmentStringsW"
              },
              {
                "address": "0x7ff79a483890",
                "name": "GetStdHandle"
              }
            ]
          },
          "api-ms-win-core-console-l2-1-0": {
            "dll": "api-ms-win-core-console-l2-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483518",
                "name": "SetConsoleCursorPosition"
              },
              {
                "address": "0x7ff79a483520",
                "name": "GetConsoleScreenBufferInfo"
              },
              {
                "address": "0x7ff79a483528",
                "name": "ScrollConsoleScreenBufferW"
              },
              {
                "address": "0x7ff79a483530",
                "name": "FillConsoleOutputAttribute"
              },
              {
                "address": "0x7ff79a483538",
                "name": "FillConsoleOutputCharacterW"
              },
              {
                "address": "0x7ff79a483540",
                "name": "FlushConsoleInputBuffer"
              },
              {
                "address": "0x7ff79a483548",
                "name": "SetConsoleTextAttribute"
              }
            ]
          },
          "api-ms-win-security-base-l1-1-0": {
            "dll": "api-ms-win-security-base-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483ad8",
                "name": "GetFileSecurityW"
              },
              {
                "address": "0x7ff79a483ae0",
                "name": "RevertToSelf"
              },
              {
                "address": "0x7ff79a483ae8",
                "name": "GetSecurityDescriptorOwner"
              }
            ]
          },
          "api-ms-win-core-sysinfo-l1-1-0": {
            "dll": "api-ms-win-core-sysinfo-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483a50",
                "name": "GetSystemTime"
              },
              {
                "address": "0x7ff79a483a58",
                "name": "SetLocalTime"
              },
              {
                "address": "0x7ff79a483a60",
                "name": "GetSystemTimeAsFileTime"
              },
              {
                "address": "0x7ff79a483a68",
                "name": "GetTickCount"
              },
              {
                "address": "0x7ff79a483a70",
                "name": "GetWindowsDirectoryW"
              },
              {
                "address": "0x7ff79a483a78",
                "name": "GetLocalTime"
              },
              {
                "address": "0x7ff79a483a80",
                "name": "GetVersion"
              }
            ]
          },
          "api-ms-win-core-timezone-l1-1-0": {
            "dll": "api-ms-win-core-timezone-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483aa8",
                "name": "SystemTimeToFileTime"
              },
              {
                "address": "0x7ff79a483ab0",
                "name": "FileTimeToSystemTime"
              }
            ]
          },
          "api-ms-win-core-datetime-l1-1-0": {
            "dll": "api-ms-win-core-datetime-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483570",
                "name": "GetDateFormatW"
              },
              {
                "address": "0x7ff79a483578",
                "name": "GetTimeFormatW"
              }
            ]
          },
          "api-ms-win-core-systemtopology-l1-1-0": {
            "dll": "api-ms-win-core-systemtopology-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483a90",
                "name": "GetNumaNodeProcessorMaskEx"
              },
              {
                "address": "0x7ff79a483a98",
                "name": "GetNumaHighestNodeNumber"
              }
            ]
          },
          "api-ms-win-core-console-l2-2-0": {
            "dll": "api-ms-win-core-console-l2-2-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483558",
                "name": "SetConsoleTitleW"
              },
              {
                "address": "0x7ff79a483560",
                "name": "GetConsoleTitleW"
              }
            ]
          },
          "api-ms-win-core-processenvironment-l1-2-0": {
            "dll": "api-ms-win-core-processenvironment-l1-2-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4838a0",
                "name": "NeedCurrentDirectoryForExePathW"
              }
            ]
          },
          "api-ms-win-core-registry-l1-1-0": {
            "dll": "api-ms-win-core-registry-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483950",
                "name": "RegCloseKey"
              },
              {
                "address": "0x7ff79a483958",
                "name": "RegSetValueExW"
              },
              {
                "address": "0x7ff79a483960",
                "name": "RegOpenKeyExW"
              },
              {
                "address": "0x7ff79a483968",
                "name": "RegCreateKeyExW"
              },
              {
                "address": "0x7ff79a483970",
                "name": "RegEnumKeyExW"
              },
              {
                "address": "0x7ff79a483978",
                "name": "RegDeleteKeyExW"
              },
              {
                "address": "0x7ff79a483980",
                "name": "RegDeleteValueW"
              },
              {
                "address": "0x7ff79a483988",
                "name": "RegQueryValueExW"
              }
            ]
          },
          "api-ms-win-core-file-l2-1-0": {
            "dll": "api-ms-win-core-file-l2-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4836d8",
                "name": "MoveFileExW"
              },
              {
                "address": "0x7ff79a4836e0",
                "name": "CreateSymbolicLinkW"
              },
              {
                "address": "0x7ff79a4836e8",
                "name": "CreateHardLinkW"
              },
              {
                "address": "0x7ff79a4836f0",
                "name": "MoveFileWithProgressW"
              },
              {
                "address": "0x7ff79a4836f8",
                "name": "GetFileInformationByHandleEx"
              }
            ]
          },
          "api-ms-win-core-heap-l2-1-0": {
            "dll": "api-ms-win-core-heap-l2-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483758",
                "name": "GlobalAlloc"
              },
              {
                "address": "0x7ff79a483760",
                "name": "GlobalFree"
              },
              {
                "address": "0x7ff79a483768",
                "name": "LocalFree"
              }
            ]
          },
          "api-ms-win-core-io-l1-1-0": {
            "dll": "api-ms-win-core-io-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483778",
                "name": "DeviceIoControl"
              }
            ]
          },
          "api-ms-win-core-winrt-l1-1-0": {
            "dll": "api-ms-win-core-winrt-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483ac0",
                "name": "RoInitialize"
              },
              {
                "address": "0x7ff79a483ac8",
                "name": "RoUninitialize"
              }
            ]
          },
          "api-ms-win-core-processtopology-l1-1-0": {
            "dll": "api-ms-win-core-processtopology-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483920",
                "name": "GetThreadGroupAffinity"
              }
            ]
          },
          "api-ms-win-core-synch-l1-2-0": {
            "dll": "api-ms-win-core-synch-l1-2-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483a40",
                "name": "Sleep"
              }
            ]
          },
          "api-ms-win-core-profile-l1-1-0": {
            "dll": "api-ms-win-core-profile-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483940",
                "name": "QueryPerformanceCounter"
              }
            ]
          },
          "api-ms-win-core-string-obsolete-l1-1-0": {
            "dll": "api-ms-win-core-string-obsolete-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4839b0",
                "name": "lstrcmpW"
              },
              {
                "address": "0x7ff79a4839b8",
                "name": "lstrcmpiW"
              }
            ]
          },
          "api-ms-win-core-processtopology-obsolete-l1-1-0": {
            "dll": "api-ms-win-core-processtopology-obsolete-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a483930",
                "name": "SetProcessAffinityMask"
              }
            ]
          },
          "api-ms-win-core-apiquery-l1-1-0": {
            "dll": "api-ms-win-core-apiquery-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4834d0",
                "name": "ApiSetQueryApiSetPresence"
              }
            ]
          },
          "api-ms-win-core-delayload-l1-1-1": {
            "dll": "api-ms-win-core-delayload-l1-1-1.dll",
            "imports": [
              {
                "address": "0x7ff79a4835b8",
                "name": "ResolveDelayLoadedAPI"
              }
            ]
          },
          "api-ms-win-core-delayload-l1-1-0": {
            "dll": "api-ms-win-core-delayload-l1-1-0.dll",
            "imports": [
              {
                "address": "0x7ff79a4835a8",
                "name": "DelayLoadFailureHook"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0003a028",
            "size": "0x000002f8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x0005d000",
            "size": "0x000084f8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00059000",
            "size": "0x00002334"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00066000",
            "size": "0x0000030c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00035a60",
            "size": "0x00000054"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00032c10",
            "size": "0x00000118"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00039d20",
            "size": "0x00000080"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00001000",
            "virtual_size": "0x00031000",
            "size_of_data": "0x00031000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "6.31"
          },
          {
            "name": ".rdata",
            "raw_address": "0x00031400",
            "virtual_address": "0x00032000",
            "virtual_size": "0x0000b000",
            "size_of_data": "0x0000a600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "5.18"
          },
          {
            "name": ".data",
            "raw_address": "0x0003ba00",
            "virtual_address": "0x0003d000",
            "virtual_size": "0x0001c000",
            "size_of_data": "0x0001b800",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.13"
          },
          {
            "name": ".pdata",
            "raw_address": "0x00057200",
            "virtual_address": "0x00059000",
            "virtual_size": "0x00003000",
            "size_of_data": "0x00002400",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "5.49"
          },
          {
            "name": ".didat",
            "raw_address": "0x00059600",
            "virtual_address": "0x0005c000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "1.32"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00059800",
            "virtual_address": "0x0005d000",
            "virtual_size": "0x00009000",
            "size_of_data": "0x00008600",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "4.36"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00061e00",
            "virtual_address": "0x00066000",
            "virtual_size": "0x00001000",
            "size_of_data": "0x00000400",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "4.68"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "MUI",
            "offset": "0x00065420",
            "size": "0x000000d8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.68"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005d778",
            "size": "0x00000668",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.65"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005dde0",
            "size": "0x000002e8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.44"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005e0c8",
            "size": "0x00000128",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.17"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005e1f0",
            "size": "0x00000ea8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.06"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005f098",
            "size": "0x000008a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.07"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005f940",
            "size": "0x00000568",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "0.71"
          },
          {
            "name": "RT_ICON",
            "offset": "0x0005fea8",
            "size": "0x0000169e",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "7.85"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00061548",
            "size": "0x000025a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.88"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00063af0",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.97"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00064b98",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.17"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00065000",
            "size": "0x00000092",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "2.90"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00065098",
            "size": "0x00000388",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "3.50"
          },
          {
            "name": "RT_MANIFEST",
            "offset": "0x0005d350",
            "size": "0x00000428",
            "filetype": null,
            "language": "LANG_ENGLISH",
            "sublanguage": "SUBLANG_ENGLISH_US",
            "entropy": "5.00"
          }
        ],
        "versioninfo": [
          {
            "name": "CompanyName",
            "value": "Microsoft Corporation"
          },
          {
            "name": "FileDescription",
            "value": "Windows Command Processor"
          },
          {
            "name": "FileVersion",
            "value": "10.0.19041.746 (WinBuild.160101.0800)"
          },
          {
            "name": "InternalName",
            "value": "cmd"
          },
          {
            "name": "LegalCopyright",
            "value": "© Microsoft Corporation. All rights reserved."
          },
          {
            "name": "OriginalFilename",
            "value": "Cmd.Exe"
          },
          {
            "name": "ProductName",
            "value": "Microsoft® Windows® Operating System"
          },
          {
            "name": "ProductVersion",
            "value": "10.0.19041.746"
          },
          {
            "name": "Translation",
            "value": "0x0409 0x04b0"
          }
        ],
        "imphash": "272245e2988e1e430500b852c4fb5e18",
        "timestamp": "2090-01-16 09:26:43",
        "icon": "iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAACp0lEQVR4nO2ZPW/TQByHH8cpUyWQ2NjKd+AjNK1U1ZGQkBjZYWNhQAIEUmFgKuwsSEhISElV0TeoVFUsnSLUgS6J2nRJA0mTpknss8OQ2thN3Z7Tl5ORH+lyf/sud7+fz3e+OJCQkBBrNIDnL2ceaZo2q1qMDJ1O+/HMqxfvAAvopQE0TZu9e+++MlHvP+QAePgge+bxl8+f3gIfgRpgpq9a7Em4QmWPgetAC78BPZWiUS2f2Vkv+BG5/Hidftav2/PlbvJz89ZtN0wDKTfon0nrzLx+868TXwMnxbLJcZyB2M2FENi2jRACy7K83DRN2u02nU4Hy7I8TT9/lQYuRir0MsUEz8Dx4YoLp45APp8nn8+Hli8sLFy4oKiEGsjlchiGgWEYzM3Neefn5+cD9RYXFy9PnQRSc2B6etqLp6amvHhychKApaWlC5Ylz7kn8cTEBADLy8vnFjMMUgZOu4UAMpkMACsrKxckSx7vOXB8Ecpms94EDruF/IyPjwdGYXV1NbTT0dFRAG/Nd9F1HV3XA88LaQPVWmOg0DCMMxsAME2TWq3G2NgYzWaTRqOBpmlS3/Vj2za2bYeWV37vD5wbei/UbDapVCrs7e1Rr9eHbebcRDIghGBnZ4dSqcTh4eFlaYqElIGDgwOKxSK7u7sIIS5bUyRONSCEYGtri2KxKDWhVOBbhYLLULlcZnNzk263e+WiojAwAo7jUCgU2N7eVqEnMgEDpmmysbFBtVpVpScyngHH6bG2tkar1VKpJzLeVkLYduzEw//0iyyuJAZUkxhQTWJANYkB1cTeQGA3+u1HQZWOoUkD7NfrmfXvX9W9XovAs6dP7gBdQMDRf2TACHDjKI2oEBaBLvAHaAC2a0CjPxrXAF2RMFkEfRPhL5ASEhLiw1+s5V9Z8HnusgAAAABJRU5ErkJggg==",
        "icon_hash": "00d152c1523e56c619d25f6c96c21a41",
        "icon_fuzzy": "e55641fba39eaff4ee89e5fc0af8f337",
        "icon_dhash": "a2ae7a370101a3c0",
        "imported_dll_count": 37
      },
      "data": null,
      "strings": [
        "l$PLcv$I",
        "fD9$Cu",
        "t$0L+",
        "fG94lu",
        "lext-ms-win-cmd-util-l1-1-0",
        "fD9,0",
        "DISABLEEXTENSIONS",
        "NtQueryInformationProcess",
        "@8=D!",
        "D9t$<",
        "_ultoa",
        "A_A^A]A\\_",
        "GetFullPathNameW",
        "COLOR",
        "interrupted",
        " %x %c",
        "HcD$x",
        "t$0uKE3",
        " &()[]{}^=;!%'+,`~",
        "\\$dD9L$T",
        ".bss$00",
        "fD9l$ ",
        "L$8f99u`+",
        "f9|$Vt\"",
        "message size",
        "no_buffer_space",
        "api-ms-win-core-synch-l1-1-0.dll",
        "memcpy",
        "api-ms-win-core-file-l1-1-0.dll",
        "usebackq",
        "l$HE3",
        "GetModuleFileNameA",
        "WATAUAVAWH",
        "GetCurrentProcessId",
        ".CRT$XCU",
        "t$ WH",
        "api-ms-win-core-synch-l1-2-0.dll",
        "t$HD9=",
        "connection_refused",
        "CMD Internal Error %s",
        "t4f93t/H",
        "\"t5fA",
        "MKLINK",
        "start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
        "permission_denied",
        "fD9$xu",
        "ASSOC",
        "CloseHandle",
        "Redir: ",
        "LegalCopyright",
        "GetCommandLineW",
        "ext-ms-win-branding-winbrand-l1-1-1",
        "Hct$ ",
        "\\XCOPY.EXE",
        ".CRT$XIZ",
        "            <requestedExecutionLevel",
        "fD9+t",
        "Sleep",
        ".text$yd",
        "MessageBeepStub",
        "|$ 9=",
        "HeapFree",
        "invalid string position",
        ".xdata$x",
        "FlushConsoleInputBuffer",
        "fD9,Vu",
        "D9|$0",
        "GetCurrentThreadId",
        "AcquireSRWLockShared",
        "fD9 tuH",
        "fB9<{u",
        "CMDEXTVERSION",
        "%hs(%u)\\%hs!%p: ",
        "L$4uFA",
        "HH:mm:ss t",
        "NtFsControlFile",
        "no such device or address",
        "u4D95N",
        "8*uUH",
        "SetUnhandledExceptionFilter",
        "L$0H3",
        "ScrollConsoleScreenBufferW",
        "L$XH3",
        "E$uwM",
        "A^A\\]",
        "_wcsnicmp",
        "L$@E3",
        "SUWATAUAVAWH",
        "fF9$pu",
        "D9t$DtND",
        "destination_address_required",
        "api-ms-win-core-timezone-l1-1-0.dll",
        "WaitForSingleObject",
        "fD94Bu",
        "rmdir ",
        "fD94Cu",
        "D95lB",
        "eY_wK",
        "f9<Au",
        "A_A^A\\_^",
        ">/~sA",
        "D9t$0",
        "HeapSetInformation",
        "f94Ju",
        "ext-ms-win-shell-shell32-l1-2-3",
        "GetWindowsDirectoryW",
        "BrandingFormatString",
        "fD9$Hu",
        "f9,Xu",
        "GetFileInformationByHandleEx",
        "iH4-N",
        "A_A^A]A\\_^][",
        "SetLocalTime",
        "f9,Cu",
        "fD9tG",
        "*t|fA;",
        "api-ms-win-core-heap-l1-1-0.dll",
        "ATAVAWH",
        "@SVWH",
        "Null environment",
        "    <windowsSettings xmlns:ws2=\"http://schemas.microsoft.com/SMI/2016/WindowsSettings\">",
        "??1exception@@UEAA@XZ",
        ".didat$3",
        "D8L$\\",
        "L$ SWH",
        "ResumeThread",
        "u+fD9o",
        "f94Zu",
        "VirtualAlloc",
        "t\"D9%",
        "BELOWNORMAL",
        "read only file system",
        "api-ms-win-security-base-l1-1-0.dll",
        ">3t#A",
        "fF9<fu",
        "no_protocol_option",
        "not_connected",
        "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>",
        "                uiAccess=\"false\"",
        "no link",
        "fD9 tK",
        "d$0E3",
        ".text$mn",
        "|$z:t0A",
        "#D$D;",
        ".xdata",
        "Se%ae`",
        "iswxdigit",
        "D$0H;",
        "ABOVENORMAL",
        "|$@PE",
        "api-ms-win-core-console-l2-2-0.dll",
        "iswspace",
        "MKDIR",
        "L$PE3",
        "tlfD9>tfI",
        "f;D$`",
        "protocol_not_supported",
        "t!fD9l$ ",
        "??_V@YAXPEAX@Z",
        "connection reset",
        "K9\\$<t",
        "tbfA9",
        "operation not supported",
        " H3E H3E",
        "D9t$x",
        "H!|$`I",
        "host unreachable",
        "FormatMessageW",
        "NDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD",
        "f9,Bu",
        "AfD9!u",
        "u0D9d$ ",
        "GetVersion",
        "KERNEL32.DLL",
        "f9|$<tMI;",
        ".data$00",
        "fD94Gu",
        "ferror",
        "p AWH",
        "oL$0f",
        "api-ms-win-core-processtopology-obsolete-l1-1-0.dll",
        "                level=\"asInvoker\"",
        "no lock available",
        " A_A^A\\^]",
        "DebugBreak",
        "@SUVWH",
        "D$ I;",
        "D8L$h",
        "fA9<@u",
        "\\CMD.EXE",
        "A_A^A]A\\_^[",
        "result out of range",
        "RMDIR",
        "CreateProcessW",
        "cCBR_p",
        "A_A^A\\_]",
        "COPYCMD",
        ".text",
        "TryAcquireSRWLockExclusive",
        "f9<Hu",
        "wrong_protocol_type",
        "<GfD9#",
        "D9%PC",
        "XXX8Pvh8v",
        "SetFilePointer",
        "NEWWINDOW",
        "HcA<H",
        "SetErrorMode",
        "l$ VWATAVAWH",
        "api-ms-win-core-registry-l1-1-0.dll",
        "api-ms-win-core-handle-l1-1-0.dll",
        "pushd ",
        "t$HM+",
        "fprintf",
        "NTDLL.DLL",
        "fD9,ou",
        "D9%KA",
        "ReadFile",
        "api-ms-win-core-profile-l1-1-0.dll",
        "fD9$yu",
        ".CRT$XIY",
        "too many files open",
        "SetConsoleCursorPosition",
        "L$8H3",
        "SetCurrentDirectoryW",
        "tRfD9",
        "t~fA;",
        "t\"D8=",
        "|$ AVH",
        "_lock",
        "t$ WAVAWH",
        "x UAVAWH",
        "yy/MM/dd",
        "UWAUAVAWH",
        "l$ E3",
        "T$ H+",
        "L9%@^",
        "fE9$Gu",
        "(%s) %s ",
        "[%hs]",
        "@SVAUH",
        "fD9|]",
        "CMD.EXE",
        "api-ms-win-core-systemtopology-l1-1-0.dll",
        "PUSHD",
        "x ATAVAWH",
        "fD9d$P",
        "pA_A^_^]",
        "f9H\\u",
        "connection_aborted",
        "_wcsicmp",
        "    /D /c\"",
        "s AWH",
        "LoadLibraryExW",
        "SetFilePointerEx",
        "_exit",
        "WGeToken: (%x) '%s'",
        "is a directory",
        "SUVWATAVAWH",
        "connection_already_in_progress",
        "RegDeleteValueW",
        "A_A^A\\_^[]",
        "RtlDosPathNameToRelativeNtPathName_U_WithStatus",
        "fD9$Gu",
        "D9d$x",
        "fD9$pu",
        "EnableExtensions",
        "_errno",
        "H9t$Xt eH",
        "D$<E3",
        " Microsoft Corporation. All rights reserved.",
        "APerformUnaryOperation: '%c'",
        "pqacG%%apppppppaB",
        ".?AVbad_alloc@std@@",
        "api-ms-win-core-delayload-l1-1-0.dll",
        "_pclose",
        "\\$0E3",
        "SetFileTime",
        "D;S$r",
        "wwwwwwww",
        "VirtualQuery",
        "fD9<qu",
        "CMDCMDLINE",
        "TerminateProcess",
        "DelayLoadFailureHook",
        "file too large",
        "dd/MM/yy",
        "<application  xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        ".rsrc$02",
        "wwwwwwwwp",
        "AutoRun",
        "t$49\\$Ht&9",
        "GetStdHandle",
        "D$PE3",
        "SHARED",
        "PAUSE",
        "%s %s ",
        "owner dead",
        "se%%%%% R",
        "%02d%s%02d%s%02d",
        "HeapSize",
        "fF9l}",
        "ERASE",
        "D9y$vb",
        "wcstol",
        "NtQueryInformationToken",
        "</assembly>",
        "fD90H",
        "t$ WATAVH",
        "GetSystemTime",
        ".data$zz",
        ".bss$zz",
        "GetLocalTime",
        "GetConsoleTitleW",
        "argument out of domain",
        "UATAVH",
        ">0tdA",
        ";l$0u",
        "??0exception@@QEAA@AEBQEBD@Z",
        "ENDLOCAL",
        "f9<Fu",
        "D$XfD",
        "H!\\$ L",
        "inappropriate io control operation",
        "wcsrchr",
        ".CRT$XIAA",
        "L$095",
        "9\"tFH",
        "filename too long",
        "connection aborted",
        "SUVWATAUAVAWH",
        "SetProcessAffinityMask",
        "WNetAddConnection2WStub",
        "GetTickCount",
        "fD94{u",
        "fA9<wu",
        "GetDiskFreeSpaceExW",
        ".idata$3",
        "<t:-,",
        "D$DE3",
        "connection already in progress",
        "printf",
        "no buffer space",
        "L$ H+",
        "D$HE3",
        "t$HE3",
        "tBD9t$pu;H",
        " [..]",
        "t$0E;",
        "Application",
        "address_not_available",
        "LcA<E3",
        "*** Unknown type: %x",
        "L$pfD",
        "__set_app_type",
        "\\$$E3",
        "m;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\\Scripts\\;C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\\;C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\WindowsApps",
        "HcT$8H",
        "GetVolumePathNameW",
        "QueryPerformanceCounter",
        "ext-ms-win-cmd-util-l1-1-0.dll",
        "CreateSymbolicLinkW",
        "timed_out",
        "D$8E3",
        "identifier removed",
        "NtSetInformationProcess",
        "%d.%d.%05d.%d",
        "io error",
        "tUD9%",
        " A^A]A\\",
        "executable format error",
        ".didat$6",
        "f94yu",
        "H9L$@r",
        "_callnewh",
        "_commode",
        "Windows Command Processor",
        "fD94yu",
        "no such file or directory",
        "qsort",
        ".CRT$XCAA",
        "CallContext:[%hs] ",
        "api-ms-win-core-string-obsolete-l1-1-0.dll",
        "VarFileInfo",
        "9|$Ht",
        ";|$Xt",
        "WaitForSingleObjectEx",
        "H9D$x",
        ".rdata$brc",
        "wcsstr",
        "??0exception@@QEAA@AEBV0@@Z",
        "MultiByteToWideChar",
        "api-ms-win-core-libraryloader-l1-2-0.dll",
        "fE9,Fu",
        "_tell",
        "wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
        ".text$np",
        "0A^_^][",
        "ProductVersion",
        "ENABLEEXTENSIONS",
        "\\$ E3",
        "UVATAVAWH",
        "RoInitialize",
        "FTYPE",
        "d$x@8=",
        "L9%<`",
        "fD9,Cu",
        "Gxf9(u,3",
        "CreateSemaphoreExW",
        "</application>",
        "T$0E3",
        "__dllonexit",
        "f9,xu",
        "D8L$iL",
        "device or resource busy",
        "not_a_socket",
        "Msg:[%ws] ",
        "OutputDebugStringW",
        "PATHEXT",
        "L$0H=",
        "0A_A^^",
        "fD9$Ku",
        "DeleteProcThreadAttributeList",
        "GetSecurityDescriptorOwner",
        "stream timeout",
        "network reset",
        ".rdata$00",
        "FillConsoleOutputCharacterW",
        "L$PH3",
        "SetLastError",
        "f94Au",
        "api-ms-win-core-console-l2-1-0.dll",
        "fE94Wu",
        "wcstoul",
        "SHIFT",
        "network_down",
        "9\\$<t",
        "x UATAUAVAWH",
        "FillConsoleOutputAttribute",
        "tsHcL$8L",
        "_setjmp",
        "WriteFile",
        "oT$@f",
        "            />",
        "PU,//",
        "delims=",
        "Local\\SM0:%d:%d:%hs",
        "COMSPEC",
        "M0H9M`t",
        "=,;+/[] ",
        "FlushFileBuffers",
        "T$8A;",
        "system",
        "FindNextFileW",
        "ext-ms-win-branding-winbrand-l1-2-0",
        "%s=%s",
        "cG?CCRRRRP`R",
        "10.0.19041.746",
        "ProductName",
        ".?AVexception@@",
        "D8=-u",
        "tlD8%",
        ".text$mn$00",
        "UAVAWH",
        "USVWATAUAVAWH",
        "VirtualFree",
        "L$HE3",
        "t$`I+",
        "L$@fA",
        ".idata$2",
        "WAVAWH",
        "$DHcD$PM",
        "x AUAVAWH",
        "FailFast",
        "fE9,Wu",
        "not supported",
        "UVWATAUAVAWH",
        "|$`E3",
        "_onexit",
        "A_A^A]",
        "t%fA;",
        "fD9DC",
        ";:u8A",
        "A_A^A]_]",
        "FtFfD9",
        "ext-ms-win-branding-winbrand-l1-1-0.dll",
        "!This program cannot be run in DOS mode.",
        ".00cfg",
        "|$8D9{",
        ".bss$pr00",
        "HcD$ ",
        "network down",
        "t$@E3",
        ";:u.A",
        "@A_A^A]A\\_^[",
        "fA94Ru",
        "SetConsoleInputExeNameW",
        "ext-ms-win-shell-shell32-l1-3-0",
        "L$8E3",
        "FindFirstFileW",
        "DEFINED",
        "malloc",
        "cross device link",
        "fD9t$\"",
        "FindNextStreamWStub",
        "L$pH3",
        "n(D9-c",
        "fF9$Cu",
        ".text$zy",
        "GetCurrentDirectoryW",
        "__iob_func",
        "RtlFindLeastSignificantBit",
        "fD9,Gu",
        "UpdateProcThreadAttribute",
        "L$Xf91t",
        "bad_file_descriptor",
        "DuplicateHandle",
        "D$@H9t$@",
        "0A_A^_",
        "f9,Gu",
        "@A_A^]",
        "    </security>",
        "GetThreadGroupAffinity",
        "DeleteFileW",
        "8A^_^[",
        ")t$@H",
        "f9/t+",
        "api-ms-win-core-localization-l1-2-0.dll",
        "L9{@u",
        "FindClose",
        "not a directory",
        "((((&&(&&&(&(&&&&&&(((#&&###",
        "BREAK",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp",
        "DelayedExpansion",
        "fD94~u",
        "no stream resources",
        "wcscmp",
        "START",
        "uE9\\$<uE",
        "PathCompletionChar",
        "A_A^A]A\\_^]",
        "NtSetInformationFile",
        "Copyright (c) Microsoft Corporation. All rights reserved.",
        "@USVWATAVAWH",
        "D$89|$P",
        "9|$Pt!H",
        "too many links",
        "L9L$x",
        "FOR/?",
        "NORMAL",
        "UVWAVAWH",
        "T$PE3",
        "`A_A^A\\_^][",
        "kernelbase.dll",
        "fD94Su",
        "InitializeProcThreadAttributeList",
        "fA9<\\u",
        "Cd$@H",
        "GetFileSecurityW",
        "CHcD$pH",
        "D8L$ ",
        "MoveFileWithProgressW",
        "H!|$ L",
        "RtlReleaseRelativeName",
        "DIRCMD",
        "x AVH",
        "DefaultColor",
        "|$pI+",
        "L$(H3",
        ".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC",
        " /K %s",
        "GetConsoleMode",
        "ENABLEDELAYEDEXPANSION",
        "t$@H9",
        "GetUserDefaultLCID",
        "VAVAWH",
        "onecore\\internal\\sdk\\inc\\wil\\opensource\\wil\\resource.h",
        "fD9,Ku",
        "fE9LE",
        "|$ ut",
        "api-ms-win-core-file-l2-1-0.dll",
        "!KD4)#",
        "TITLE",
        ".?AVlogic_error@std@@",
        "D$`f9",
        "<assemblyIdentity",
        "t,fD92t&I",
        "UWATAVAWH",
        "f9(u%H",
        "o\\$PH",
        "FileVersion",
        "fD9$nu",
        "bad message",
        "no such device",
        ".text$zz",
        "__setusermatherr",
        "fD9,Ou",
        "api-ms-win-core-debug-l1-1-0.dll",
        "D9|$0u$E3",
        "L$ USWH",
        ".idata$4",
        " [...]",
        "PROMPT",
        "f94{u",
        "UWAWH",
        "RtlLookupFunctionEntry",
        "WriteConsoleW",
        "WNetCancelConnection2WStub",
        "@SUVWAVH",
        "Fxf9(u-3",
        "DisableCMD",
        "APerformArithmeticOperation: '%c'",
        "RENAME",
        "8\\utH",
        ".data",
        "A_A^A]A\\_^[]",
        "address_family_not_supported",
        "    processorArchitecture=\"amd64\"",
        "    </windowsSettings>",
        "eIDATx",
        "_getch",
        ".rsrc",
        "_CxxThrowException",
        "CompletionChar",
        " Operating System",
        "REM /?",
        ".rdata$00$brc",
        "D$Pf9",
        "NtQueryVolumeInformationFile",
        ".data$r$brc",
        "Translation",
        "already_connected",
        "GlobalAlloc",
        "f9<^u",
        "L$ UVWATAUAVAWH",
        "function not supported",
        "VWAVH",
        "lstrcmpW",
        "A_A^A\\",
        "fD94Ou",
        "wrong protocol type",
        ".didat$2",
        "GetLastError",
        "HeapReAlloc",
        "fE9$Ou",
        " A_A^_",
        "fD9$Au",
        "onecore\\base\\cmd\\maxpathawarestring.cpp",
        "L95NW",
        "InternalName",
        "SetConsoleMode",
        "<!-- Copyright (c) Microsoft Corporation -->",
        "_close",
        ".didat$4",
        "useback",
        "\\Shell\\Open\\Command",
        "/w&tV",
        "fF9,gu",
        "srand",
        "f94Cu",
        "L$0H;",
        "GetExitCodeProcess",
        "api-ms-win-core-processenvironment-l1-1-0.dll",
        "L$XH+",
        "fflush",
        "tSL9?",
        "fA9,Pu",
        "^fD9+",
        "GetDriveTypeW",
        "fD9tC",
        "040904B0",
        "no message",
        "already connected",
        "GetSystemTimeAsFileTime",
        "FileTimeToSystemTime",
        ">;u\\D",
        "0A_A^A]A\\_^]",
        "fD9TH,u",
        "SetConsoleTitleW",
        "fD9$hu",
        ".gljmp",
        "[%hs(%hs)]",
        "bad_address",
        "ShellExecuteWorker",
        "|$0E3",
        "    version=\"5.1.0.0\"",
        ".pdata",
        "fE9$vu",
        "fD9,xu",
        "api-ms-win-core-apiquery-l1-1-0.dll",
        "f9tQ,u",
        "WAUAVH",
        "f;0u>H",
        "cmd.pdb",
        "|$ ATAVAWH",
        "f9<Cu",
        "D$l;E",
        "address not available",
        "|$ Hc",
        "en-US",
        "fD9$su",
        "D$PfA",
        "LeaveCriticalSection",
        "realloc",
        "A_A^A]A\\]",
        "u\"f90u&H",
        "D$8H!t$8H",
        "ntdll.dll",
        "ReleaseSRWLockShared",
        "protocol not supported",
        "D9%`9",
        "u HcA<H",
        ".gfids",
        "D$0fD98t",
        "no message available",
        "iostream",
        "D3blc",
        "%s (%s) %s",
        "memset",
        "fD9dG",
        ".rsrc$01",
        "connection_reset",
        "\\$ UVWAVAWH",
        "_cexit",
        "REALTIME",
        "fD98t",
        "D$ I+",
        "fD9|F0u",
        "{ ATAVAWH",
        "fE9$wu",
        "fD9<Xu",
        "<description>Windows Command Processor</description>",
        "fF9Dj0u",
        "LogHr",
        "D8=is",
        "GetFileAttributesExW",
        "ext-ms-win-shell-shell32-l1-2-0",
        "7fD90",
        "VS_VERSION_INFO",
        "A_A^]",
        "|$ E3",
        "Software\\Classes",
        "L$xE3",
        "FindFirstStreamWStub",
        "n<DSbb",
        "GetModuleFileNameW",
        "D$\"fD",
        "RANDOM",
        "UnhandledExceptionFilter",
        "network unreachable",
        "D$pE3",
        "\\$PE3",
        "CHDIR",
        "t$(E3",
        "EXIST",
        "directory not empty",
        "argument list too long",
        "f90t7",
        "(fD97",
        "fE9DE",
        "too many symbolic link levels",
        "@A^_^",
        "DPATH",
        "D$@E3",
        "\\$ UH",
        "??1type_info@@UEAA@XZ",
        "SVWATAUAVAWH",
        ".idata$5",
        "_wcsupr",
        ".CRT$XCA",
        "_vsnwprintf",
        "api-ms-win-core-delayload-l1-1-1.dll",
        "HcT$ L",
        "??3@YAXPEAX@Z",
        ".CRT$XCZ",
        "GetModuleHandleW",
        "\\$ UVWATAUAVAWH",
        "api-ms-win-core-kernel32-legacy-l1-1-0.dll",
        "Software\\Policies\\Microsoft\\Windows\\System",
        ".data$pr00",
        "Ungetting: '%s'",
        "D9-P8",
        "],//cuu",
        "bad allocation",
        "fD9$Zu",
        ".text$lp01cmd.exe!20_pri7",
        "f94Ku",
        "SetEnvironmentVariableW",
        "GetProcessHeap",
        "System",
        "D$8L+",
        "protocol error",
        ".data$brc",
        "_initterm",
        "Microsoft Corporation",
        "D9l$d",
        "@USVWATAUAVAWH",
        "fD9 t&f",
        "H9{Hs>H",
        "t$0E3",
        "t$0fB",
        ".didat$5",
        "GetFileSize",
        "RtlVirtualUnwind",
        "CreateMutexExW",
        "H+|$@H",
        "ReadConsoleW",
        "fD94Hu",
        "IDI_APPICON",
        "tRHcL$xI",
        "KxfD91",
        "operation canceled",
        "fE9,xu",
        "@.didat",
        "QueryFullProcessImageNameWStub",
        ";C$sD",
        "tokens=",
        "ext-ms-win-shell-shell32-l1-2-0.dll",
        "calloc",
        "bad file descriptor",
        "G0HcW",
        "CreateDirectoryW",
        "8/t@H",
        "GetVDMCurrentDirectoriesStub",
        "    name=\"Microsoft.Windows.FileSystem.CMD\"",
        "fB9<iu",
        "fA98u",
        "GetConsoleScreenBufferInfo",
        "D9-4m",
        "SearchPathW",
        "api-ms-win-core-heap-l2-1-0.dll",
        "<noalias>",
        "RegOpenKeyExW",
        ".?AVout_of_range@std@@",
        "fC9\\e",
        "4FHcD$`H",
        "D$ L+",
        "fD9$_u",
        "L$ E3",
        "fD9$Su",
        "RegSetValueExW",
        "D9d$P",
        "__CxxFrameHandler3",
        "fA94Du",
        "ext-ms-win-branding-winbrand-l1-1-2",
        "NtClose",
        "not a stream",
        "()|&=,;\"",
        "REM/?",
        "fD9,^u",
        "CompareFileTime",
        "t$ E3",
        "D$0L;",
        "9T$0u0",
        "fE9$Fu",
        "api-ms-win-core-console-l1-1-0.dll",
        "@WAVH",
        "fE9<nu",
        ";:u&A",
        "L$xHc",
        "SetConsoleCtrlHandler",
        "api-ms-win-core-processenvironment-l1-2-0.dll",
        "state not recoverable",
        "file exists",
        "f9|$Xvx",
        "H9D$`",
        "Software\\Microsoft\\Command Processor",
        "ReleaseSemaphore",
        "network_unreachable",
        "CopyFileExW",
        "api-ms-win-core-winrt-l1-1-0.dll",
        "fA9<Fu",
        "D9t$p",
        "skip=",
        "SEPARATE",
        "f9,su",
        "api-ms-win-core-sysinfo-l1-1-0.dll",
        "fA9<Vu",
        "fD9,8",
        " A_A^_H",
        "%2d%s%02d%s%02d%s%02d",
        "Exception",
        ";8uWH",
        "fD9<Hu",
        "invalid_argument",
        "wwwwwwwwwwwwwwwwwwwww",
        "memcmp",
        "GetTimeFormatW",
        "T$8E3",
        "tGD95",
        "(caller: %p) ",
        "tbD9t$Pu[H",
        "|$ UATAUAVAWH",
        "GetLocaleInfoW",
        "L$(E3",
        "F fD9",
        "NeedCurrentDirectoryForExePathW",
        ".didat$7",
        ".?AVlength_error@std@@",
        "w5tlA",
        "8=unH",
        "resource unavailable try again",
        "RtlCreateUnicodeStringFromAsciiz",
        "D$pf9",
        "CreateProcessAsUserW",
        "@A_A^A]",
        " A_A^A]A\\_",
        "fE9,Gu",
        "cmd.exe",
        "fF9$xu",
        "4qaCCRCCCB",
        "address in use",
        "L$TE3",
        "fD9 u",
        "DeviceIoControl",
        "??0exception@@QEAA@AEBQEBDH@Z",
        "GetCPInfo",
        "CmdBatNotificationStub",
        "FileTimeToLocalFileTime",
        "_amsg_exit",
        "t$pE3",
        "lstrcmpiW",
        "towlower",
        "fgets",
        "t$@D8=",
        "    <windowsSettings>",
        "D$(E3",
        "StringFileInfo",
        "|$XMc",
        "wcschr",
        "A_A^_^]",
        "NtOpenProcessToken",
        "L$0E3",
        "%hs!%p: ",
        "L9{0t#H",
        ".CRT$XIA",
        "w{H9{",
        "_setmode",
        "string too long",
        "D$D9E",
        "mkdir ",
        "fD9#u",
        ".rdata$zz",
        "filename_too_long",
        "l$ VWAVH",
        ".bss$dk00",
        "D8-BP",
        "@A_A^A\\",
        "SVWAVH",
        "GetModuleHandleExW",
        "u3fD;",
        "0123456789",
        "__getmainargs",
        "MM/dd/yy",
        "address family not supported",
        "onecore\\base\\cmd\\StartShellExecServiceProvider.h",
        "t$pL+",
        "value too large",
        "t$(9|$8t1",
        "_get_osfhandle",
        "CreateFileW",
        "InitializeCriticalSection",
        "not connected",
        "GetEnvironmentStringsW",
        "SetThreadLocale",
        "GetACP",
        "unknown error",
        "` AUAVAWH",
        ".giats",
        "f9,Hu",
        "fD9dM",
        "fD9$Fu",
        "\\$ UVWH",
        "(t$@L",
        "SETLOCAL",
        "oD$ f",
        "HIGHESTNUMANODENUMBER",
        "RaiseFailFastException",
        "HcD$pH",
        "9:uGH9-n",
        "api-ms-win-core-processtopology-l1-1-0.dll",
        "RegCloseKey",
        "ApiSetQueryApiSetPresence",
        "timed out",
        "CCCC@40`P@ ",
        "chdir ",
        "L$ fD",
        "fD9/u",
        "_local_unwind",
        "A^_^][",
        "????????.???",
        "fA9<Du",
        "FindFirstFileExW",
        "wwwwwwwwwwwwwww",
        "LocalFree",
        "RegDeleteKeyExW",
        "HcL$ HcD$$H",
        "operation not permitted",
        ".data$dk00$brc",
        "memmove",
        "fD9$Wu",
        "_wcslwr",
        "wcsncmp",
        "operation in progress",
        "_open_osfhandle",
        "api-ms-win-core-io-l1-1-0.dll",
        " A_A^A\\",
        ".rdata$zzzdbg",
        "fD9,Ju",
        "fD94xu",
        "@SUVWATAUAVAWH",
        "RtlFreeHeap",
        "VERIFY",
        "L$`H3",
        "%s %s%s ",
        "ResolveDelayLoadedAPI",
        "D$ fD",
        "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">",
        "f90u&H",
        "        <ws2:longPathAware>true</ws2:longPathAware>",
        "_pipe",
        "SetEndOfFile",
        "'Px0&D",
        "H+L$xH",
        "UWAVH",
        "fdpnxsatz",
        "HcD$PM",
        "Sh(PO",
        "fD9,Wu",
        "FileDescription",
        "GetThreadLocale",
        "x ATAUAVH",
        "fD94Wu",
        "resource deadlock would occur",
        "D$0E3",
        "permission denied",
        "fD9,Au",
        "fE9d~",
        ".text$di",
        "message_size",
        "t$ WATAUAVAWH",
        "Cmd: %s  Type: %x ",
        "A_A^_",
        "fD9|G0u",
        "GetProcAddress",
        "SetFileAttributesW",
        "no such process",
        "RtlDllShutdownInProgress",
        "DisableUNCCheck",
        "%04X-%04X",
        "GetEnvironmentVariableW",
        "too_many_files_open",
        "fE9<^u",
        "RtlCaptureContext",
        "ShellExecuteExW",
        "GetConsoleWindow",
        "towupper",
        "f9,{u",
        "@A_A^_^]",
        "f9,Su",
        "ReleaseSRWLockExclusive",
        "fF9<Au",
        "iostream stream error",
        "_purecall",
        "GetDateFormatW",
        "A^A]_",
        "AFFINITY",
        "bad address",
        "OriginalFilename",
        "fD99t~D9=<u",
        "fB9<su",
        "10.0.19041.746 (WinBuild.160101.0800)",
        "RegQueryValueExW",
        "GetCurrentProcess",
        "T$0fD",
        "L;d$x",
        "generic",
        "FreeEnvironmentStringsW",
        "|$TfD",
        "GetFileAttributesW",
        "@SAWH",
        "D$`fD98t",
        "FOR /?",
        "fD9<{u",
        "RegEnumKeyExW",
        "too many files open in system",
        "$DHcD$`H",
        "L+D$ H+",
        "fD90t",
        "memcpy_s",
        "ext-ms-win-shell-shell32-l1-2-1",
        "tGHcT$0M",
        "DoSHChangeNotify",
        "fF9$Iu",
        "ext-ms-win-shell-shell32-l1-2-2",
        "RegCreateKeyExW",
        "HcD$`H",
        "%WINDOWS_COPYRIGHT%",
        "fD9#t",
        "D9f$t",
        "Cmd.Exe",
        "t<fA9(t6I",
        "d$Ht*E",
        "        <dpiAware  xmlns=\"http://schemas.microsoft.com/SMI/2005/WindowsSettings\">true</dpiAware>",
        "api-ms-win-core-string-l1-1-0.dll",
        "destination address required",
        "fD94Au",
        "RemoveDirectoryW",
        ".text$lp00cmd.exe!20_pri7",
        "CreateHardLinkW",
        "x UATAVH",
        "u*9Q<|%",
        "_wpopen",
        "HeapAlloc",
        "address_in_use",
        "f9,Ou",
        "%02d%s%02d%s",
        "no child process",
        "fE9dw",
        "SetConsoleTextAttribute",
        "api-ms-win-core-errorhandling-l1-1-0.dll",
        "RevertToSelf",
        "WideCharToMultiByte",
        "OpenThread",
        "1H9wx",
        "IsDebuggerPresent",
        "operation_not_supported",
        "td@8=",
        "NtOpenThreadToken",
        "|$P.uEH",
        "D9L$l",
        "SystemTimeToFileTime",
        "RtlDisownModuleHeapAllocation",
        "\\uc@8=",
        ";;u;H",
        "OpenSemaphoreW",
        "f99ujH",
        "_unlock",
        "@Qm6t",
        "<>+-*/%()|^&=,",
        "connection refused",
        "f9<Qu",
        "ReturnHr",
        "L9N@A",
        ">1tUA",
        "D9%/?",
        "longjmp",
        ".rdata",
        ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC",
        "=ExitCodeAscii",
        "MoveFileExW",
        "D$(@P",
        "WNetGetConnectionWStub",
        "</trustInfo>",
        "*)))))))))))))))))))))",
        "!wct&",
        "_dup2",
        "NtOpenFile",
        "LookupAccountSidWStub",
        "operation_in_progress",
        "x AWH",
        "operation would block",
        "    <security>",
        "Software\\Microsoft\\Windows NT\\CurrentVersion",
        "CopyFileW",
        "L$ht'A",
        "%hs(%d) tid(%x) %08X %ws",
        "f9<Ku",
        "@A_A^A]A\\_^]",
        "EnterCriticalSection",
        "host_unreachable",
        "fD94wu",
        "D8L$ t",
        "RtlDosPathNameToNtPathName_U",
        "fD9<Gu",
        "Args: `%s' ",
        "invalid seek",
        "_wtol",
        "text file busy",
        "        </requestedPrivileges>",
        "no space on device",
        "GetNumaNodeProcessorMaskEx",
        "9D$0u",
        " A^A\\_",
        "D$@fD9'",
        "T$XD;{",
        "T$8H;",
        "@A_A^A]A\\_][",
        "RtlNtStatusToDosError",
        "GetFileType",
        "fD9<Bu",
        "=ExitCode",
        "illegal byte sequence",
        "|$[fD9?",
        "ExpandEnvironmentStringsW",
        "`A_A^A]A\\_^]",
        "iswalpha",
        "ReadProcessMemory",
        "fD93u6H;",
        "CSVFS",
        "f90t13",
        "D9|$Pt",
        "t|D9t$xuuH",
        " Windows",
        "GetVolumeInformationW",
        " A_A^A]A\\_^]",
        "Microsoft",
        "r?fA;",
        "    type=\"win32\"",
        "fD9<Cu",
        "D$ fA;",
        "wcsspn",
        "prRRRPa",
        "fE9$@u",
        "\\$(E3",
        "iswdigit",
        "CompanyName",
        "RRRRP%",
        "|T0 s",
        "?what@exception@@UEBAPEBDXZ",
        "fD9:u",
        "|$4fE99",
        "__C_specific_handler",
        "broken pipe",
        "operation_would_block",
        "f9<Bu",
        "D;d$@D",
        "api-ms-win-core-datetime-l1-1-0.dll",
        "WilError_03",
        "        <requestedPrivileges>",
        "@.reloc",
        "setlocale",
        "G8f9C",
        "ReleaseMutex",
        "C0D9s$",
        "E[fD9",
        "DISABLEDELAYEDEXPANSION",
        "fD9,_u",
        "u#D8g!u",
        "ERRORLEVEL",
        "fD9,Fu",
        ">2tFA",
        "SetEnvironmentStringsW",
        "not enough memory",
        "NtCancelSynchronousIoFile",
        "t$xE3",
        "ext-ms-win-branding-winbrand-l1-1-0",
        "?terminate@@YAXXZ",
        "fE9,Ft",
        "GetNumaHighestNodeNumber",
        "DD$`H",
        "`.rdata",
        "D$ E3",
        "IF /?",
        "D$xE3",
        "invalid argument",
        "_fmode",
        "b$j-0",
        "fD9/t",
        "no protocol option",
        "%6Ru'",
        "fA94Hu",
        "GetStartupInfoW",
        "u%6RRRRRPp",
        "Unknown",
        " \"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"",
        "api-ms-win-core-memory-l1-1-0.dll",
        ".text$x",
        "D9l$ ",
        ".idata$6",
        "msvcrt.dll",
        "|$pA;",
        "fE9&tdA",
        "swscanf",
        "L$XE3",
        "_XcptFilter",
        "3t)E3",
        "RoUninitialize",
        "L$Pf9",
        "D8L$P",
        "api-ms-win-core-processthreads-l1-1-0.dll",
        "<trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">",
        "f98tDA",
        "SetThreadUILanguage",
        "network_reset",
        "RtlFreeUnicodeString",
        "t$ UWATAVAWH",
        ".gehcont",
        " A^_^",
        "not a socket",
        "GlobalFree",
        "SaferWorker",
        "GetConsoleOutputCP",
        "fD9,Su",
        " v;f98",
        "fD9lC",
        "D$xH#E"
      ],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Windows\\System32\\cmd.exe",
      "process_name": "cmd.exe",
      "module_path": "C:\\Windows\\System32\\cmd.exe",
      "pid": 3864
    }
  ],
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-06-29 19:26:00",
    "ended": "2026-06-29 19:26:47",
    "duration": 47,
    "id": 101,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 101,
      "status": "stopping",
      "name": "win10",
      "label": "win10",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-06-29 19:26:00",
      "shutdown_on": "2026-06-29 19:26:46"
    },
    "package": "generic",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {
      "vnc_port": "5900"
    },
    "source_url": null,
    "route": "internet",
    "user_id": 0,
    "CAPE_current_commit": "394455c2cd85889fb0782bfcf1f8c5c2f7f77b46"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 3864,
        "process_name": "cmd.exe",
        "parent_id": 2892,
        "module_path": "C:\\Windows\\System32\\cmd.exe",
        "first_seen": "2026-06-30 02:26:16,744",
        "calls": [
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "2716",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "2716",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff79a468f50"
              },
              {
                "name": "Parameter",
                "value": "0x82a0aa3000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "4512",
            "caller": "0x7ff9aaa4ea52",
            "parentcaller": "0x7ff9aaa077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 2
          },
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "4812",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00 \\xf2\\x1f\\xa1\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf2\\x1f\\xa1\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "4812",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-30 02:26:16,947",
            "thread_id": "4812",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92f10"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4284",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xf0\\xff\\xa0\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xf0\\xff\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4284",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4284",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92e50"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4512",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xeb\\x0f\\xa1\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xeb\\x0f\\xa1\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4512",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "4512",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b93070"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "1944",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00 \\xf0\\xef\\xa0\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf0\\xef\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "1944",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "1944",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92a40"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4693c1",
            "parentcaller": "0x7ff79a468e29",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff79a469370"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a463828",
            "parentcaller": "0x7ff79a468ecd",
            "category": "threading",
            "api": "NtOpenThread",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000009"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001fffff",
                "pretty_value": "THREAD_ALL_ACCESS"
              },
              {
                "name": "ProcessId",
                "value": "0"
              },
              {
                "name": "ThreadId",
                "value": "18446744072108703000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46052c",
            "parentcaller": "0x7ff79a463839",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46055b",
            "parentcaller": "0x7ff79a463839",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadUILanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3ec610"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a463839",
            "parentcaller": "0x7ff79a468ecd",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xf9\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x82\\x00\\x00\\x008\\xf9\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46387c",
            "parentcaller": "0x7ff79a468ecd",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\System"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4638c6",
            "parentcaller": "0x7ff79a468ecd",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xf0\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xf8\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a464de7",
            "parentcaller": "0x7ff79a463931",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xf7\\x7f\\x00\\x00@\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a464e0b",
            "parentcaller": "0x7ff79a463931",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\xf7\\x7f\\x00\\x00@\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4605a5",
            "parentcaller": "0x7ff79a464e15",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4605cc",
            "parentcaller": "0x7ff79a464e15",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00Y\\x91\\x00\\x00\\x10\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1f\\xec\\x00\\x00\\x18\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4606a0",
            "parentcaller": "0x7ff79a464e15",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46060c",
            "parentcaller": "0x7ff79a464e15",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00Y\\x91\\x00\\x00\\x10\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1f\\xec\\x00\\x00\\x18\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46064e",
            "parentcaller": "0x7ff79a464e15",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4655e1",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Command Processor"
              },
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46562a",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "DisableUNCCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a46566e",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "EnableExtensions"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a4656c5",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "DelayedExpansion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a465709",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "DefaultColor"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-30 02:26:16,963",
            "thread_id": "2716",
            "caller": "0x7ff79a465760",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "CompletionChar"
              },
              {
                "name": "Data",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4657d6",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "PathCompletionChar"
              },
              {
                "name": "Data",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465869",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              },
              {
                "name": "ValueName",
                "value": "AutoRun"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465882",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4655e1",
            "parentcaller": "0x7ff79a464e35",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Command Processor"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a46589d",
            "parentcaller": "0x7ff79a464e35",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4658ac",
            "parentcaller": "0x7ff79a464e35",
            "category": "misc",
            "api": "srand",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "seed",
                "value": "0x6a432948"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a464e3c",
            "parentcaller": "0x7ff79a463931",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x277f86522b0",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ff7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a464e88",
            "parentcaller": "0x7ff79a463931",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x277f86522b0",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc230000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc241000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc251000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a463e85",
            "parentcaller": "0x7ff79a4624ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a31",
            "parentcaller": "0x7ff79a463ec7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f86724c0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a4e",
            "parentcaller": "0x7ff79a463ec7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a31",
            "parentcaller": "0x7ff79a463ec7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f8672040",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeedf2ef8"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a4e",
            "parentcaller": "0x7ff79a463ec7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a31",
            "parentcaller": "0x7ff79a463ec7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f8672be0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee3f58c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a4e",
            "parentcaller": "0x7ff79a463ec7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a31",
            "parentcaller": "0x7ff79a463ec7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f8672580",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a4e",
            "parentcaller": "0x7ff79a463ec7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a31",
            "parentcaller": "0x7ff79a463ec7",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f8672700",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a462a4e",
            "parentcaller": "0x7ff79a463ec7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a463ef0",
            "parentcaller": "0x7ff79a4624ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45cdc4",
            "parentcaller": "0x7ff79a45aa92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f867c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a464f9c",
            "parentcaller": "0x7ff79a463931",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00w\\x02\\x00\\x00@\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465513",
            "parentcaller": "0x7ff79a46521e",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 62
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4654c4",
            "parentcaller": "0x7ff79a464fc1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc241000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4654c4",
            "parentcaller": "0x7ff79a464fc1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ffb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4654c4",
            "parentcaller": "0x7ff79a464fc1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ffb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a464fff",
            "parentcaller": "0x7ff79a463931",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00w\\x02\\x00\\x00\\x90\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x85?\\x00\\x00\\x98\\xfb\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x90Ae\\xf8w\\x02\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a4650f9",
            "parentcaller": "0x7ff79a463931",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465116",
            "parentcaller": "0x7ff79a463931",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "CopyFileExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f06c0"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465137",
            "parentcaller": "0x7ff79a463931",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "IsDebuggerPresent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f01b0"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a465151",
            "parentcaller": "0x7ff79a463931",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleInputExeNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a8499ae0"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a46517c",
            "parentcaller": "0x7ff79a463931",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ff6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a46517c",
            "parentcaller": "0x7ff79a463931",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ffc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45bea1",
            "parentcaller": "0x7ff79a4639f4",
            "category": "system",
            "api": "FindFixAndRun",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Command",
                "value": "start"
              },
              {
                "name": "Arguments",
                "value": " /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45c665",
            "parentcaller": "0x7ff79a45bea1",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xf7\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x18\\xf7\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x02\\x00\\x00w\\x02\\x00\\x00 \\xfa\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc241000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f9ff6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc261000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc266000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc26b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc275000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a469a8c",
            "parentcaller": "0x7ff79a469342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc27a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45cdc4",
            "parentcaller": "0x7ff79a460c97",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f8681000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a468287",
            "parentcaller": "0x7ff79a462f56",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x277f86723a0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x7c67448d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0812"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a463a5d",
            "parentcaller": "0x7ff79a462fe0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a461170",
            "parentcaller": "0x7ff79a455ea6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc279000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a456019",
            "parentcaller": "0x7ff79a45c862",
            "category": "process",
            "api": "UpdateProcThreadAttribute",
            "status": false,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Attribute",
                "value": "393217"
              },
              {
                "name": "Value",
                "value": "309237645313"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45608f",
            "parentcaller": "0x7ff79a45c862",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": false,
            "return": "0xffffffffc000012f",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\" "
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45608f",
            "parentcaller": "0x7ff79a45c862",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\" "
              },
              {
                "name": "CreationFlags",
                "value": "0x00080410",
                "pretty_value": "CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
              },
              {
                "name": "ProcessId",
                "value": "0"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 89
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2716"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000214"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a603f000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000214"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-30 02:26:16,978",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6030000"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a6033f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000210"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8700000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00083000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000210"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8700000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000230"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x93\\x7fj5\\xe0\\xe9*\\x84\\xa2\\x9bj-\\x03A\\x0e\\x86\\xae\\x85z@?\\x97\\x99pn\\x03\\x0e\\x95N\\x89\n\\x02\\x13\\xddd\\xfew\\x90\\x9b\\xbf\\xc4K\\xcaco|\\xba\\xe7"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8700000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a8738cc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a5b50000"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5b50000"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a5b50000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a5b50000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a5b57ce0"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xe3\\x94\\xa0\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000020c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000020c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000208"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000020c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000208"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a45662e",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000020c"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a456649",
            "parentcaller": "0x7ff79a4564ba",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xef\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xc8\\xef\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a465aa5",
            "parentcaller": "0x7ff79a456686",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0\\xef\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xef\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a456686",
            "parentcaller": "0x7ff79a4564ba",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00w\\x02\\x00\\x00\\x00\\xf0\\x94\\xa0\\x82\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x08\\xf0\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-30 02:26:16,994",
            "thread_id": "2716",
            "caller": "0x7ff79a4566b7",
            "parentcaller": "0x7ff79a4564ba",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xc0\\xef\\x94\\xa0\\x82\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc8\\xef\\x94\\xa0\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-30 02:26:17,009",
            "thread_id": "2716",
            "caller": "0x7ff79a468b32",
            "parentcaller": "0x7ff79a4699d7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff79a4ac000"
              },
              {
                "name": "ModuleName",
                "value": "cmd.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-30 02:26:17,009",
            "thread_id": "2716",
            "caller": "0x7ff79a468b32",
            "parentcaller": "0x7ff79a4699d7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff79a4ac000"
              },
              {
                "name": "ModuleName",
                "value": "cmd.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-30 02:26:17,009",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\\comctl32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-30 02:26:17,072",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 1,
            "id": 160
          },
          {
            "timestamp": "2026-06-30 02:26:17,072",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a9d30000"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-30 02:26:17,072",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-30 02:26:17,088",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a7a90000"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-30 02:26:17,088",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-30 02:26:17,088",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a2720000"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-30 02:26:17,088",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-06-30 02:26:17,103",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a9600000"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-06-30 02:26:17,103",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a2720000"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-06-30 02:26:17,103",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 169
          },
          {
            "timestamp": "2026-06-30 02:26:17,119",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 8,
            "id": 170
          },
          {
            "timestamp": "2026-06-30 02:26:17,119",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8050000"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-06-30 02:26:17,119",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 10,
            "id": 172
          },
          {
            "timestamp": "2026-06-30 02:26:17,150",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-06-30 02:26:17,150",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-06-30 02:26:17,150",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-06-30 02:26:17,150",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-06-30 02:26:17,166",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-06-30 02:26:17,166",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-06-30 02:26:17,259",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 13,
            "id": 179
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xec/\\xa1\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xec/\\xa1\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 181
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x277f8650b50"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaaae327",
            "parentcaller": "0x7ff9aaa0faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa05157",
            "parentcaller": "0x7ff9aaa043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CFGMGR32.dll"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa04d42",
            "parentcaller": "0x7ff9aaa04aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000038c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8110000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0004e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aa9ffee4",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a815b000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aa9fffb5",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aa9fffed",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa00068",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa05082",
            "parentcaller": "0x7ff9aaa079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8148000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa04485",
            "parentcaller": "0x7ff9aaa5b1dd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa37b9c",
            "parentcaller": "0x7ff9aaa2288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8148000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa37b9c",
            "parentcaller": "0x7ff9aaa2288a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8110000"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 198
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a8114cdf",
            "parentcaller": "0x7ff9a8123b0d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a8114cdf",
            "parentcaller": "0x7ff9a8123b0d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8110000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a8123280"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aa3e5611",
            "parentcaller": "0x7ff9a811f8f8",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000038c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00#\\x00\\x00\\xc0\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9aa3e5611",
            "parentcaller": "0x7ff9a811ec21",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000038c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a638acb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "3892",
            "caller": "0x7ff9aaa4ea52",
            "parentcaller": "0x7ff9aaa077c3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000038"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 1,
            "id": 208
          },
          {
            "timestamp": "2026-06-30 02:26:17,275",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\edputil"
              },
              {
                "name": "DllBase",
                "value": "0x7ff993730000"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xed?\\xa1\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\xed?\\xa1\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x277f8650b50"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a63ca6d1",
            "parentcaller": "0x7ff9a63b12d5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a638ad1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000039c"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a638acb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003a8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a63b139f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a63ca6d1",
            "parentcaller": "0x7ff9a63b12d5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000003300000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a638ad1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000039c"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000003a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a0"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a0"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a63b139f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a638acb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "3892",
            "caller": "0x7ff9a63ca6d1",
            "parentcaller": "0x7ff9a63b12d5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#00000008E0100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a638ad1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000039c"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xd9T\\x98P\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x008\\x00E\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474f8d",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474f8d",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a6361f1d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a6362e6f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x0cl\\xf8w\\x02\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a6361f41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x00e\\x000\\x000\\x008\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000039c"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x00e\\x000\\x000\\x008\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x277f86b2d80"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4196"
              },
              {
                "name": "ProcessId",
                "value": "3864"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "4196",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "4196",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x277f86b2d80"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "4196",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003cc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-06-30 02:26:17,291",
            "thread_id": "960",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a9d45960"
              },
              {
                "name": "Parameter",
                "value": "0x277f9ffce40"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4108"
              },
              {
                "name": "ProcessId",
                "value": "3864"
              },
              {
                "name": "Module",
                "value": "SHCORE.dll"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8441751",
            "parentcaller": "0x7ff9a8441420",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000050"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\xa0\\xf1_\\xa1\\x82\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\xf1_\\xa1\\x82\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a9d45960"
              },
              {
                "name": "Parameter",
                "value": "0x277f9ffce40"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d79042",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xab\\xa0\\x82\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4108"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a9777d31",
            "parentcaller": "0x7ff9a972de55",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a972ddb2",
            "parentcaller": "0x7ff9a972d0f2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x19\\x01\\x02\\x00w\\x02\\x00\\x00\\xffbf\\x04\\xffc1\\xffa2Y\\xff91\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00h\\xffef_\\xffa1\\xff82\\x00\\x00\\x00O\\x06\\xffc1\\xffa2Y\\xff91\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000rg\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xff90yk\\xfff8w\\x02\\x00\\x00\\xffb0\\xffef_\\xffa1\\xff82\\x00\\x00\\x00\\xffa4L\\xffb5\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcd$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffe8#\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xff90yk\\xfff8w\\x02\\x00\\x00\\xffc8\\xffd5\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00w\\x02\\x00\\x00\\xff98$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xff80$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffa0\\xffef_\\xffa1\\xff82\\x00\\x00\\x00h\\xffd9\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\xffb0\\xffef_\\xffa1\\xff82\\x00\\x00\\x00\\xffe0sk\\xfff8w\\x02\\x00\\x00\\xffc0\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00w\\x02\\x00\\x000\\xfff1_\\xffa1\\xff82\\x00\\x00\\x00\\xff90yk\\xfff8w\\x02\\x00\\x000rg\\xfff8w\\x02\\x00\\x00\\xffb0\\xffcej\\xfff8w\\x02\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xfffcsk\\xfff8w\\x02\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffef_\\xffa1\\xff82\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff80)k\\xfff8w\\x02\\x00\\x00\\xfff2\\xffd0r\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003f8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975e0c4",
            "parentcaller": "0x7ff9aaa338b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a972ddb2",
            "parentcaller": "0x7ff9a972d0f2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\x04\\xff97C\\xfffaw\\x02\\x00\\x000\\x19\\xffe3\\xff87\\xfff9\\x7f\\x00\\x00\\xffb2\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\xffe9N\\xffb3\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00I\\xffeb_\\xffa1\\xff82\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00w\\x02\\x00\\x00 \\x13D\\xfff8w\\x02\\x00\\x00o\\x07\\xffc1\\xffa2Y\\xff91\\x00\\x00\\x00\\x00D\\xfff8w\\x02\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\xffb8\\xffeb_\\xffa1\\xff82\\x00\\x00\\x00\\xffff\n\\xffc1\\xffa2Y\\xff91\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffacxk\\xfff8w\\x02\\x00\\x00\\x08th\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffd0zk\\xfff8w\\x02\\x00\\x00\\x00\\xffec_\\xffa1\\xff82\\x00\\x00\\x00\\xffa4L\\xffb5\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcd$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffe8#\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffd0zk\\xfff8w\\x02\\x00\\x00\\xffc8\\xffd5\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00w\\x02\\x00\\x00\\xff98$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xff80$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xfff0\\xffeb_\\xffa1\\xff82\\x00\\x00\\x00h\\xffd9\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\xffec_\\xffa1\\xff82\\x00\\x00\\x00\\xff80\\x1ek\\xfff8w\\x02\\x00\\x00\\xffc0\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00w\\x02\\x00\\x00\\x00\\xffee_\\xffa1\\xff82\\x00\\x00\\x00\\xffd0zk\\xfff8w\\x02\\x00\\x000yk\\xfff8w\\x02\\x00\\x00\\xff80\\x1ek\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\xff9c\\x1ek\\xfff8w\\x02\\x00\\x000\\x00\\x00\\x00w\\x02\\x00\\x00\\xfff0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xfff0\\xffeb_\\xffa1\\xff82\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@%k\\xfff8w\\x02\\x00\\x00\\xfff2\\xffd0r\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a9789d40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003dc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a9c32140",
            "parentcaller": "0x7ff9a9c31ddd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8462d8a",
            "parentcaller": "0x7ff9a96cfb64",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a96cfb82",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetMarshalSizeMax"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9760fc0"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a96cfb9f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96e8d00"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a96cfbbc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96e67a0"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a96cfbd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a970b8c0"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a96d879f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000408"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a84a518d",
            "parentcaller": "0x7ff9a84646e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc400000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8462338",
            "parentcaller": "0x7ff9a84a9215",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8464b01",
            "parentcaller": "0x7ff9a84642d1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 344
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a8464cf6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a84a518d",
            "parentcaller": "0x7ff9a8464c2a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277fc410000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8464cad",
            "parentcaller": "0x7ff9a8464c5d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a978516f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96e8d00"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a9785199",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96e67a0"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a97851c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9747c50"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a97851ed",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9768bb0"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a9785217",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9767040"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a9785241",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96dc030"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a978526b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a970b8c0"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-06-30 02:26:17,306",
            "thread_id": "4108",
            "caller": "0x7ff9a978507f",
            "parentcaller": "0x7ff9aaa338b0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000412"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbf_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x00\\xc0_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000412"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbd_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x90\\xbe_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbd_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x90\\xbe_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xbb_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xc0\\xbc_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000412"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xba_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00P\\xbb_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xba_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00P\\xbb_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a972ae1c",
            "parentcaller": "0x7ff9a9728039",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000412"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9728085",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xb9_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x12\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x90\\xba_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000412"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000412"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a972b02a",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a972b061",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000416"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a972b0c5",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a970953c",
            "parentcaller": "0x7ff9a970806b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000412"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a9708090",
            "parentcaller": "0x7ff9a96dace7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a1300000"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a1300000"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-06-30 02:26:17,322",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a1300000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a1307340"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d410",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a1307380"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000416"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000412"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x277f86d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a96de87e",
            "parentcaller": "0x7ff9a96de27f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26798",
            "parentcaller": "0x7ff9a84952e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000414"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aaa267b9",
            "parentcaller": "0x7ff9a84952e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9c32140",
            "parentcaller": "0x7ff9a9c31ddd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "Handle",
                "value": "0x00000416"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000416"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000041a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041a"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000416"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d476bf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xab\\xa0\\x82\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4108"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.UI.AppDefaults"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9903b0000"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.UI.AppDefaults.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9903b0000"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-06-30 02:26:17,338",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 1,
            "id": 469
          },
          {
            "timestamp": "2026-06-30 02:26:17,353",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-06-30 02:26:17,369",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 471
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99f680000"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\srvcli"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99f650000"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\netutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a75f0000"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\urlmon"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99f930000"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 5,
            "id": 476
          },
          {
            "timestamp": "2026-06-30 02:26:17,431",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-06-30 02:26:17,447",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\msvcp110_win"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a7200000"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-06-30 02:26:17,463",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\policymanager"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a35e0000"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-06-30 02:26:17,463",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99f930000"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-06-30 02:26:17,463",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-06-30 02:26:17,478",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "API-MS-WIN-CORE-URL-L1-1-0.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8430000"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-06-30 02:26:17,478",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 483
          },
          {
            "timestamp": "2026-06-30 02:26:17,478",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CDC82860-468D-4D4E-B7E7-C298FF23AB2C"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "5632B1A4-E38A-400A-928A-D4CD63230295"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a4dc0000"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4dc0000"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F1C46D71-B791-4110-8D5C-7108F22C1010"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8A43ED9F-F4E6-4421-ACF9-1DAB2986820C"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a457989",
            "parentcaller": "0x7ff79a4566e5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4dc0000"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8a40000"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\apphelp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a5a30000"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-06-30 02:26:17,494",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-06-30 02:26:17,509",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\WindowsCodecs"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99cf00000"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-06-30 02:26:17,509",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PhotoMetadataHandler"
              },
              {
                "name": "DllBase",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-06-30 02:26:17,509",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\PhotoMetadataHandler.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-06-30 02:26:17,509",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A38B883C-1682-497E-97B0-0A3A9E801682"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-06-30 02:26:17,525",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SHCore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d30000"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-06-30 02:26:17,525",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E2EB4CA4-C96E-4DA4-94B1-673C8334A5BB"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "265CFCAA-9B0C-44CA-996F-4A6F6620C72D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-06-30 02:26:17,525",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windowscodecs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99cf00000"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-06-30 02:26:17,541",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CACAF262-9370-4615-A13B-9F5539DA4C0A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 1,
            "id": 499
          },
          {
            "timestamp": "2026-06-30 02:26:17,588",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "PhotoMetadataHandler.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-06-30 02:26:17,603",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Bcp47Langs"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99e080000"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-06-30 02:26:17,603",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\sppc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6c60000"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-06-30 02:26:17,603",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SLC"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6c90000"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a7f80000"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\appresolver"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9971f0000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\appresolver.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9971f0000"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "660B90C8-73A9-4B58-8CAE-355B7F55341B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "21CBC515-2DDE-4D66-8292-BA34BD25094A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-06-30 02:26:17,619",
            "thread_id": "4108",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d79042",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xab\\xa0\\x82\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4108"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99d480000"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99d480000"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a6408272",
            "parentcaller": "0x7ff9a6408b42",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2F03A33-21F5-47FA-B4BB-156362A2F239"
              },
              {
                "name": "ClsContext",
                "value": "0x00000004",
                "pretty_value": "CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "6D5140C1-7436-11CE-8034-00AA006009FA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9c32140",
            "parentcaller": "0x7ff9a9c31ddd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9bf56f3",
            "parentcaller": "0x7ff9a9c320bb",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              },
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004da"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xc8_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00 \\xc9_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004da"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc6_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xb0\\xc7_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc6_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xb0\\xc7_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xc4_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xe0\\xc5_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-06-30 02:26:17,634",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004da"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc3_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00p\\xc4_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc3_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00p\\xc4_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a972ae1c",
            "parentcaller": "0x7ff9a9728039",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004da"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9728085",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xc2_\\xa1\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xda\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\xb0\\xc3_\\xa1\\x82\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004da"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004da"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a972b02a",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002b2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004c2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a972b061",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c2"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a972b0c5",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c2"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002d2"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              },
              {
                "name": "Handle",
                "value": "0x000004da"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a970953c",
            "parentcaller": "0x7ff9a970806b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004da"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a9708090",
            "parentcaller": "0x7ff9a96dace7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004da"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99eea0000"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99eea0000"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff99eea0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99eea0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99eeb5da0"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99eea0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d410",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OneCoreUAPCommonProxyStub.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99eea0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99eeb5e50"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Storage.Streams.DataWriter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c0"
              },
              {
                "name": "KeyInformation",
                "value": "?\t(\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00D\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00t\\x00o\\x00r\\x00a\\x00g\\x00e\\x00.\\x00S\\x00t\\x00r\\x00e\\x00a\\x00m\\x00s\\x00.\\x00D\\x00a\\x00t\\x00a\\x00W\\x00r\\x00i\\x00t\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\xffc0\\x0cD\\xfff8w\\x02\\x00\\x00\\xffa8\\xffed_\\xffa1\\xff82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x1b\\x003\\x00\\x00\\x00\\x00\\x00\\xfff8\\x00\\x00\\x00\\x00\\x00\\x00\\x00`\\xffe9i\\xfff8w\\x02\\x00\\x009\\xffea_\\xffa1\\xff82\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00w\\x02\\x00\\x00 \\x13D\\xfff8w\\x02\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D\\xfff8w\\x02\\x00\\x00\\xffc4\\x02D\\xfff8w\\x02\\x00\\x00\\x00\\x00D\\xfff8w\\x02\\x00\\x00XU\\xff9b\\xffa9\\xfff9\\x7f\\x00\\x00\\x08\\xfff4l\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffeb_\\xffa1\\xff82\\x00\\x00\\x00\\xff98kp\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00w\\x02\\x00\\x00\\x10\\xffc5j\\xfff8w\\x02\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\xffe0\\xfff3l\\xfff8w\\x02\\x00\\x00\\x10\\xffc5j\\xfff8w\\x02\\x00\\x00\\xffe0/n\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\x00\\x00\\xff90il\\xfff8\\x02\\x00\\x00\\x00\\xffa6Ap\\xffa9\\xfff9\\x7f\\x00\\x00\\x009j\\xfff8w\\x02\\x00\\x00\\xffe0/n\\xfff8w\\x02\\x00\\x00P\\xffaan\\xfff8w\\x02\\x00\\x00P\\xffaan\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xffc5j\\xfff8w\\x02\\x00\\x00P\\xffaan\\xfff8w\\x02\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x18n\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00_\\xffa1\\xff82\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18n\\xfff8w\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xff82\\x00\\x00\\x00\\x00\\xffec_\\xffa1\\xff82\\x00\\x00\\x00\\xffa1Ep\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-06-30 02:26:17,650",
            "thread_id": "4108",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-06-30 02:26:19,744",
            "thread_id": "4108",
            "caller": "0x7ff9a4de1f18",
            "parentcaller": "0x7ff9a4de2681",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-06-30 02:26:19,744",
            "thread_id": "4108",
            "caller": "0x7ff9a96de87e",
            "parentcaller": "0x7ff9a970ced5",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 5,
            "id": 627
          },
          {
            "timestamp": "2026-06-30 02:26:19,744",
            "thread_id": "4108",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d476bf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xab\\xa0\\x82\\x00\\x00\\x00\\x18\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4108"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-06-30 02:26:19,744",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-06-30 02:26:19,759",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 630
          },
          {
            "timestamp": "2026-06-30 02:26:19,791",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-06-30 02:26:19,791",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\apphelp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5a30000"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-06-30 02:26:19,806",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
              },
              {
                "name": "CreationFlags",
                "value": "0x04080414",
                "pretty_value": "CREATE_SUSPENDED|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT|CREATE_DEFAULT_ERROR_MODE"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              },
              {
                "name": "ThreadId",
                "value": "336"
              },
              {
                "name": "ParentHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004c0"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-06-30 02:26:19,806",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\MPR"
              },
              {
                "name": "DllBase",
                "value": "0x7ff998030000"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-06-30 02:26:19,806",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 635
          },
          {
            "timestamp": "2026-06-30 02:26:19,806",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\pcacli"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a31d0000"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-06-30 02:26:19,822",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-06-30 02:26:19,838",
            "thread_id": "2716",
            "caller": "0x7ff79a4566e5",
            "parentcaller": "0x7ff79a4564ba",
            "category": "process",
            "api": "ShellExecuteExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FilePath",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "Parameters",
                "value": ""
              },
              {
                "name": "Show",
                "value": "1",
                "pretty_value": "SW_SHOWNORMAL"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-06-30 02:26:19,838",
            "thread_id": "2716",
            "caller": "0x7ff79a456713",
            "parentcaller": "0x7ff79a4564ba",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000320"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-06-30 02:26:19,838",
            "thread_id": "2716",
            "caller": "0x7ff79a456713",
            "parentcaller": "0x7ff79a4564ba",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a9530000"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-06-30 02:26:19,838",
            "thread_id": "2716",
            "caller": "0x7ff79a465cd2",
            "parentcaller": "0x7ff79a4740a5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 641
          }
        ],
        "threads": [
          "2716",
          "4512",
          "4812",
          "4284",
          "1944",
          "960",
          "3892",
          "4196",
          "4108"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff79a450000",
          "MainExeSize": "0x00067000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 756,
        "process_name": "svchost.exe",
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-06-30 02:26:17,690",
        "calls": [
          {
            "timestamp": "2026-06-30 02:26:20,050",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-30 02:26:23,643",
            "thread_id": "1176",
            "caller": "0x7ff9a8445d3e",
            "parentcaller": "0x7ff9aa529dd3",
            "category": "services",
            "api": "StartServiceW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ServiceHandle",
                "value": "0x22e544025c0"
              },
              {
                "name": "ServiceName",
                "value": "stisvc"
              },
              {
                "name": "Arguments",
                "value": []
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-30 02:26:30,050",
            "thread_id": "1176",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000ee0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\PhysicalDrive0"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-30 02:26:31,425",
            "thread_id": "3624",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000c9c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-30 02:26:31,425",
            "thread_id": "3624",
            "caller": "0x7ff9a8494796",
            "parentcaller": "0x7ff9a849466e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x22e54240000"
              },
              {
                "name": "SectionOffset",
                "value": "0x36ac67d240"
              },
              {
                "name": "ViewSize",
                "value": "0x0007a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-30 02:26:31,425",
            "thread_id": "3624",
            "caller": "0x7ff9a8438e73",
            "parentcaller": "0x7ff9a84363c3",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "140707423586748"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-30 02:26:32,503",
            "thread_id": "3624",
            "caller": "0x7ff9a84363c3",
            "parentcaller": "0x7ff9aa3edb20",
            "category": "process",
            "api": "CreateProcessInternalW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe"
              },
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000010",
                "pretty_value": "CREATE_NEW_CONSOLE"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              },
              {
                "name": "ThreadId",
                "value": "1536"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000ed4"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000ef8"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          }
        ],
        "threads": [
          "3624",
          "1176"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 4504,
        "process_name": "mspaint.exe",
        "parent_id": 3864,
        "module_path": "C:\\Windows\\System32\\mspaint.exe",
        "first_seen": "2026-06-30 02:26:19,917",
        "calls": [
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "MSVCRT.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa910000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9aa910000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "MSVCRT.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349431000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9aaa3cb0e",
            "parentcaller": "0x7ff9a848ad68",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c5e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9aaa3cb60",
            "parentcaller": "0x7ff9a848ad68",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c5e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-30 02:26:20,057",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-30 02:26:20,073",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8700000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-30 02:26:20,089",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a84632e1",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "401"
              },
              {
                "name": "y",
                "value": "630"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-30 02:26:20,104",
            "thread_id": "336",
            "caller": "0x7ff989749253",
            "parentcaller": "0x7ff98974d8bd",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x17349540bb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff989740000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3585"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-30 02:26:20,104",
            "thread_id": "336",
            "caller": "0x7ff9a84632e1",
            "parentcaller": "0x7ff989741666",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\MFC42LOC.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-30 02:26:20,104",
            "thread_id": "336",
            "caller": "0x7ff9a84632e1",
            "parentcaller": "0x7ff989741666",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\mfc42u"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff989740000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff98975f760"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3e48d9",
            "parentcaller": "0x7ff9aa3e3b55",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3e4a50",
            "parentcaller": "0x7ff9aa3e3b55",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3e49bd",
            "parentcaller": "0x7ff9aa3e3b55",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000260"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349550000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3de7a0",
            "parentcaller": "0x7ff9aa3e4cfd",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3de7f0",
            "parentcaller": "0x7ff9aa3e4cfd",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000264"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-30 02:26:20,120",
            "thread_id": "336",
            "caller": "0x7ff9aa3de818",
            "parentcaller": "0x7ff9aa3e4cfd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e51b2",
            "parentcaller": "0x7ff9aa3e4dcf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e4c33",
            "parentcaller": "0x7ff9aa3e462e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e4c3a",
            "parentcaller": "0x7ff9aa3e462e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e462e",
            "parentcaller": "0x7ff9aa3e3b55",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349550000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349434000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e2a0e",
            "parentcaller": "0x7ff9940b3a63",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "ThemePropScrollBarCtl"
              },
              {
                "name": "Atom",
                "value": "0x0000c01b"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aa3e2a0e",
            "parentcaller": "0x7ff9940b3a7d",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MicrosoftTabletPenServiceProperty"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9940b3bbc",
            "parentcaller": "0x7ff9940b3aed",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a8462d8a",
            "parentcaller": "0x7ff9940b3afb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "LPK"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a8462d8a",
            "parentcaller": "0x7ff9940b3b13",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "GDI32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9940b3b2e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "LpkEditControl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3c4720"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9940b3b2e",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\\comctl32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9940e9e80"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a94549d0",
            "parentcaller": "0x7ff9a9485a71",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\comdlg32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9450000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a9483a70"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a2751eb0",
            "parentcaller": "0x7ff9a2751dd9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a2720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "propsys.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a2751eb0",
            "parentcaller": "0x7ff9a2751dd9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\propsys"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a2720000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a2762b30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff99e3ae60f",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ninput"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99dda0000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff99e3ae60f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ninput.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99dda0000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff99e3ae60f",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff99dda0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ninput.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9a84353dc",
            "parentcaller": "0x7ff99e3ae62f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ninput.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99dda0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2506"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99dda8290"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "336",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff70107f1a0"
              },
              {
                "name": "Parameter",
                "value": "0x1e5ee18000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2184",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2184",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b93070"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2832",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349435000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2832",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349436000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2832",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2832",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92e50"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2076",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "2076",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92a40"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "1348",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-30 02:26:20,135",
            "thread_id": "1348",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92f10"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70107f9b1",
            "parentcaller": "0x7ff70107eff8",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff70107f960"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70107ef1e",
            "parentcaller": "0x7ff70107f03d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349438000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70107ef1e",
            "parentcaller": "0x7ff70107f03d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349577000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70107ef1e",
            "parentcaller": "0x7ff70107f03d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349578000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101c962",
            "parentcaller": "0x7ff700fe21f9",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701077078",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_91a663c8cc864906\\gdiplus"
              },
              {
                "name": "DllBase",
                "value": "0x7ff990180000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701077078",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff990180000"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701077078",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff990180000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdiplusStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990187d40"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x1734c850000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa770550"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetAncestor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794360"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa78e110"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794300"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayDevicesA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa768bc0"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-30 02:26:20,182",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a5b50000"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5b50000"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "78"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "79"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "ExtTextOutW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a36d0"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiIsMetaPrintDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a9c60"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000290"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_91a663c8cc864906\\GdiPlus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff990180000"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff990180000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_91a663c8cc864906\\gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000294"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff990189ae0"
              },
              {
                "name": "Parameter",
                "value": "0x1734c851ef0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4168"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              },
              {
                "name": "Module",
                "value": "gdiplus.dll"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101139b",
            "parentcaller": "0x7ff70101cc09",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000294",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff990189ae0"
              },
              {
                "name": "Parameter",
                "value": "0x1734c851ef0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4168"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101cf0b",
            "parentcaller": "0x7ff700fe21f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "4168",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "4168",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff990189ae0"
              },
              {
                "name": "Parameter",
                "value": "0x1734c851ef0"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1910",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3585"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x002000cf",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "18446744073709551615"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x7ff989756090"
              },
              {
                "name": "ModuleAddress",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "4168",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c852000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101d5d5",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-30 02:26:20,198",
            "thread_id": "336",
            "caller": "0x7ff70101d5d5",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "4168",
            "caller": "0x7ff9aa7821b0",
            "parentcaller": "0x7ff9aa782153",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff990180000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "GDI+ Hook Window"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f377",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "CreateToolhelp32Snapshot",
            "status": true,
            "return": "0x000002ac",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002",
                "pretty_value": "TH32CS_SNAPPROCESS"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f38d",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32FirstW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "[System Process]"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "System"
              },
              {
                "name": "ProcessId",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "Registry"
              },
              {
                "name": "ProcessId",
                "value": "92"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "smss.exe"
              },
              {
                "name": "ProcessId",
                "value": "324"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "csrss.exe"
              },
              {
                "name": "ProcessId",
                "value": "428"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "wininit.exe"
              },
              {
                "name": "ProcessId",
                "value": "548"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "services.exe"
              },
              {
                "name": "ProcessId",
                "value": "632"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "lsass.exe"
              },
              {
                "name": "ProcessId",
                "value": "644"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "fontdrvhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "744"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "756"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "872"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1012"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "360"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "412"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "364"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1120"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1276"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1364"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1372"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1388"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1512"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "spoolsv.exe"
              },
              {
                "name": "ProcessId",
                "value": "1568"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1828"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "armsvc.exe"
              },
              {
                "name": "ProcessId",
                "value": "1848"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1864"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1380"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2448"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SearchIndexer.exe"
              },
              {
                "name": "ProcessId",
                "value": "3168"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3880"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "csrss.exe"
              },
              {
                "name": "ProcessId",
                "value": "3308"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "winlogon.exe"
              },
              {
                "name": "ProcessId",
                "value": "2584"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "fontdrvhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2308"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "dwm.exe"
              },
              {
                "name": "ProcessId",
                "value": "2768"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "sihost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2260"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4012"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "taskhostw.exe"
              },
              {
                "name": "ProcessId",
                "value": "3552"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "pyw.exe"
              },
              {
                "name": "ProcessId",
                "value": "3700"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "explorer.exe"
              },
              {
                "name": "ProcessId",
                "value": "2892"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "StartMenuExperienceHost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2132"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "RuntimeBroker.exe"
              },
              {
                "name": "ProcessId",
                "value": "3980"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SearchApp.exe"
              },
              {
                "name": "ProcessId",
                "value": "2232"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "RuntimeBroker.exe"
              },
              {
                "name": "ProcessId",
                "value": "628"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ctfmon.exe"
              },
              {
                "name": "ProcessId",
                "value": "788"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "2996"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "828"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3964"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3176"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3884"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3556"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3648"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "dllhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4172"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ApplicationFrameHost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3896"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ONENOTEM.EXE"
              },
              {
                "name": "ProcessId",
                "value": "592"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4980"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "2924"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3148"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "TrustedInstaller.exe"
              },
              {
                "name": "ProcessId",
                "value": "2700"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "TiWorker.exe"
              },
              {
                "name": "ProcessId",
                "value": "1272"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "MoUsoCoreWorker.exe"
              },
              {
                "name": "ProcessId",
                "value": "2792"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "sppsvc.exe"
              },
              {
                "name": "ProcessId",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SppExtComObj.Exe"
              },
              {
                "name": "ProcessId",
                "value": "4580"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "924"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "taskhostw.exe"
              },
              {
                "name": "ProcessId",
                "value": "348"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "notepad.exe"
              },
              {
                "name": "ProcessId",
                "value": "2848"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4620"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "cmd.exe"
              },
              {
                "name": "ProcessId",
                "value": "3864"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "WmiPrvSE.exe"
              },
              {
                "name": "ProcessId",
                "value": "2164"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "conhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4132"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3a7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "mspaint.exe"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3c7",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32FirstW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "[System Process]"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "System"
              },
              {
                "name": "ProcessId",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "Registry"
              },
              {
                "name": "ProcessId",
                "value": "92"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "smss.exe"
              },
              {
                "name": "ProcessId",
                "value": "324"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "csrss.exe"
              },
              {
                "name": "ProcessId",
                "value": "428"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "wininit.exe"
              },
              {
                "name": "ProcessId",
                "value": "548"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "services.exe"
              },
              {
                "name": "ProcessId",
                "value": "632"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "lsass.exe"
              },
              {
                "name": "ProcessId",
                "value": "644"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "fontdrvhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "744"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "756"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "872"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1012"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "360"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "412"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "364"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1120"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1276"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1364"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1372"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1388"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1512"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "spoolsv.exe"
              },
              {
                "name": "ProcessId",
                "value": "1568"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1828"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "armsvc.exe"
              },
              {
                "name": "ProcessId",
                "value": "1848"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1864"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1872"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "1380"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2448"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SearchIndexer.exe"
              },
              {
                "name": "ProcessId",
                "value": "3168"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3880"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "csrss.exe"
              },
              {
                "name": "ProcessId",
                "value": "3308"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "winlogon.exe"
              },
              {
                "name": "ProcessId",
                "value": "2584"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "fontdrvhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2308"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "dwm.exe"
              },
              {
                "name": "ProcessId",
                "value": "2768"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "sihost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2260"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4012"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "taskhostw.exe"
              },
              {
                "name": "ProcessId",
                "value": "3552"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "pyw.exe"
              },
              {
                "name": "ProcessId",
                "value": "3700"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "explorer.exe"
              },
              {
                "name": "ProcessId",
                "value": "2892"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "StartMenuExperienceHost.exe"
              },
              {
                "name": "ProcessId",
                "value": "2132"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "RuntimeBroker.exe"
              },
              {
                "name": "ProcessId",
                "value": "3980"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SearchApp.exe"
              },
              {
                "name": "ProcessId",
                "value": "2232"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "RuntimeBroker.exe"
              },
              {
                "name": "ProcessId",
                "value": "628"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ctfmon.exe"
              },
              {
                "name": "ProcessId",
                "value": "788"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "2996"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "828"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3964"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3176"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3884"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "3556"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3648"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "dllhost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4172"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ApplicationFrameHost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3896"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "ONENOTEM.EXE"
              },
              {
                "name": "ProcessId",
                "value": "592"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4980"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "chrome.exe"
              },
              {
                "name": "ProcessId",
                "value": "2924"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "3148"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "TrustedInstaller.exe"
              },
              {
                "name": "ProcessId",
                "value": "2700"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "TiWorker.exe"
              },
              {
                "name": "ProcessId",
                "value": "1272"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "MoUsoCoreWorker.exe"
              },
              {
                "name": "ProcessId",
                "value": "2792"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "sppsvc.exe"
              },
              {
                "name": "ProcessId",
                "value": "1284"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "SppExtComObj.Exe"
              },
              {
                "name": "ProcessId",
                "value": "4580"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "924"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "4168",
            "caller": "0x7ff9aaaae327",
            "parentcaller": "0x7ff9aaa0faf7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "taskhostw.exe"
              },
              {
                "name": "ProcessId",
                "value": "348"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "notepad.exe"
              },
              {
                "name": "ProcessId",
                "value": "2848"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "4168",
            "caller": "0x7ff9aaa05157",
            "parentcaller": "0x7ff9aaa043ea",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "svchost.exe"
              },
              {
                "name": "ProcessId",
                "value": "4620"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3e1",
            "parentcaller": "0x7ff70101d5e6",
            "category": "process",
            "api": "Process32NextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessName",
                "value": "cmd.exe"
              },
              {
                "name": "ProcessId",
                "value": "3864"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-06-30 02:26:20,214",
            "thread_id": "336",
            "caller": "0x7ff70105f3f4",
            "parentcaller": "0x7ff70101d5e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e74c",
            "parentcaller": "0x7ff70101d68a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "af-ZA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\af-ZA"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "af-ZA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\af-ZA"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "am-ET"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\am-ET"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b4"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9aa9ffee4",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9b21000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "am-ET"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\am-ET"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-AE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-AE"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-AE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-AE"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9aaa37fd1",
            "parentcaller": "0x7ff9aaa37bcd",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\r\\x00\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 2@Is\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "1256"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_1256.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1256"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\C_1256.NLS"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a5a368fe",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a5a369f4",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a5a369f4",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a9a10000"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-BH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-BH"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-BH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-BH"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-DZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-DZ"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-DZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-DZ"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-EG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-EG"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-EG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-EG"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-IQ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-IQ"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9239000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-IQ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-IQ"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-JO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-JO"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b8"
              },
              {
                "name": "ValueName",
                "value": "ar-JO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-JO"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff99018a04e",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff99018a07a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "4168",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff99018a096",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b8"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-KW"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-KW"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-KW"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-KW"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-LB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LB"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-LB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LB"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-LY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LY"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-LY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LY"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-MA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-MA"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-MA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-MA"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-OM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-OM"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-OM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-OM"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-QA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-QA"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-QA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-QA"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-SA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SA"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-SA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SA"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-SY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SY"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-SY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SY"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349439000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-TN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-TN"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-TN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-TN"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-YE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-YE"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "ar-YE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-YE"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "arn-CL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\arn-CL"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "arn-CL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\arn-CL"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "as-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\as-IN"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "as-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\as-IN"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "az-Cyrl-AZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Cyrl-AZ"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "az-Cyrl-AZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Cyrl-AZ"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "1251"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_1251.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1251"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-06-30 02:26:20,229",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\C_1251.NLS"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "az-Latn-AZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Latn-AZ"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c4"
              },
              {
                "name": "ValueName",
                "value": "az-Latn-AZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Latn-AZ"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "1254"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_1254.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1254"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\C_1254.NLS"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ba-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ba-RU"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ba-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ba-RU"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "be-BY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\be-BY"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "be-BY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\be-BY"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bg-BG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bg-BG"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bg-BG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bg-BG"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bin-NG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bin-NG"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bin-NG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bin-NG"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bn-BD"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-BD"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bn-BD"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-BD"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bn-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-IN"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bn-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-IN"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bo-CN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bo-CN"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bo-CN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bo-CN"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-06-30 02:26:20,245",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "br-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\br-FR"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "br-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\br-FR"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bs-Cyrl-BA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Cyrl-BA"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bs-Cyrl-BA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Cyrl-BA"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bs-Latn-BA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Latn-BA"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "bs-Latn-BA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Latn-BA"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "1250"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_1250.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1250"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\C_1250.NLS"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ca-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ca-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ca-ES-valencia"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES-valencia"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "ca-ES-valencia"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES-valencia"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "chr-Cher-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\chr-Cher-US"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "chr-Cher-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\chr-Cher-US"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "co-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\co-FR"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "co-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\co-FR"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "cs-CZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "cs-CZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "cy-GB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cy-GB"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "cy-GB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cy-GB"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "da-DK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "da-DK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-AT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-AT"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-AT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-AT"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-CH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-CH"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-CH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-CH"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-LI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LI"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-LI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LI"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-LU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LU"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "de-LU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LU"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dsb-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dsb-DE"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dsb-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dsb-DE"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dv-MV"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dv-MV"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dv-MV"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dv-MV"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dz-BT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dz-BT"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "dz-BT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dz-BT"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "el-GR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "el-GR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002b4"
              },
              {
                "name": "ValueName",
                "value": "1253"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_1253.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1253"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\C_1253.NLS"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-029"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-029"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-029"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-029"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-AE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AE"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-AE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AE"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-AU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-BZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-BZ"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-BZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-BZ"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-CA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-CA"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-CA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-CA"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-GB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-GB"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-GB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-GB"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-HK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-HK"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-HK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-HK"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-ID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-ID"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-06-30 02:26:20,260",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-ID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-ID"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-IE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IE"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-IE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IE"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ValueName",
                "value": "en-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IN"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c0"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-IN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IN"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-JM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-JM"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-JM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-JM"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-MY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-MY"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-MY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-MY"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-NZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-NZ"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-NZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-NZ"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-PH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-PH"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-PH"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-PH"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-SG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-SG"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-SG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-SG"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-TT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-TT"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ValueName",
                "value": "en-TT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-TT"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c8"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349579000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70102e85a",
            "parentcaller": "0x7ff70101d68a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734957a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d6e0",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\MSFTEDIT"
              },
              {
                "name": "DllBase",
                "value": "0x7ff98de00000"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d6e0",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "MSFTEDIT.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff98de00000"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d6e0",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff98de00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "MSFTEDIT.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff701028d13",
            "parentcaller": "0x7ff70101d755",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d779",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1450",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#141"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 654
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x173493b00b8"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734943b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a603f000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ec"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-06-30 02:26:20,276",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6030000"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a6033f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734943c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f0"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetInterface"
              },
              {
                "name": "Atom",
                "value": "0x0000c020"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetMarshalHwnd"
              },
              {
                "name": "Atom",
                "value": "0x0000c021"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a93b0000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70101d79d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a93b0000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff700fe76a5",
            "parentcaller": "0x7ff700fe6f39",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349391000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff701045405",
            "parentcaller": "0x7ff701061c53",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff701045405",
            "parentcaller": "0x7ff701061c53",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff701045405",
            "parentcaller": "0x7ff701061c53",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c862000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff700ff6195",
            "parentcaller": "0x7ff700ff5ddd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c863000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff701065b4c",
            "parentcaller": "0x7ff70102cbbb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c865000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff70102ce35",
            "parentcaller": "0x7ff70102c92c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c867000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff701045405",
            "parentcaller": "0x7ff70106190f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c868000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-06-30 02:26:20,292",
            "thread_id": "336",
            "caller": "0x7ff7010669a3",
            "parentcaller": "0x7ff70102d0b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c86a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "File1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "File1"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Web\\Wallpaper\\MeetRevision\\v2\\lockscreen.jpg"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "File2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File2"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "File3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File3"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "File4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File4"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "File5"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File5"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "File6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File6"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "File7"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File7"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "File8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File8"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Recent File List"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "File9"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File9"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Settings"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "PreviewPages"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings\\PreviewPages"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e886",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-06-30 02:26:20,307",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "NoStretching"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\NoStretching"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8a9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ShowThumbnail"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowThumbnail"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8d2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ShowAllFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowAllFiles"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e8f4",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "BMPWidth"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPWidth"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e910",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "BMPHeight"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPHeight"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e92e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103e9c2",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103ea35",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "WindowPlacement"
              },
              {
                "name": "Data",
                "value": ",\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x8f\\x00\\x00\\x00Y\\x00\\x00\\x00\\x0f\\x05\\x00\\x00)\\x03\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\WindowPlacement"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103eb42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-06-30 02:26:20,323",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ThumbXPos"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbXPos"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb5e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "ThumbYPos"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbYPos"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ThumbWidth"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbWidth"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103eb9b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ThumbHeight"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbHeight"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ebb9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "UnitSetting"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\UnitSetting"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ShowRulers"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowRulers"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec6c",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "ShowGrid"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowGrid"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ec8e",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecb0",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "ShowTextTool"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\ShowTextTool"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecd9",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-06-30 02:26:20,339",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "PointSize"
              },
              {
                "name": "Data",
                "value": "11"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PointSize"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ecfe",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "Bold"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Bold"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed20",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "Underline"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Underline"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed42",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "Italic"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Italic"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed64",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "Strikeout"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Strikeout"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ed86",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 968
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "PositionX"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionX"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103eda8",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "PositionY"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionY"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edca",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "TypeFaceName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "TypeFaceName"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103edfa",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Keyboard"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "MinimumDistance"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumDistance"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee4a",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-06-30 02:26:20,354",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Keyboard"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "MaximumDistance"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumDistance"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee70",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Keyboard"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "MinimumTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumTime"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ee96",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Keyboard"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "MaximumTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumTime"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eebc",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "CharSet"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\CharSet"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103eedf",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Text"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": "TextPen"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TextPen"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef39",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "ValueName",
                "value": "SnapToGrid"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\SnapToGrid"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef5b",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f4"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "View"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "ValueName",
                "value": "GridExtent"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\GridExtent"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103ef7d",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103e76c",
            "parentcaller": "0x7ff70103efad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software"
              },
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103e7b7",
            "parentcaller": "0x7ff70103efad",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000304"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103e7f9",
            "parentcaller": "0x7ff70103efad",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000300"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "Handle",
                "value": "0x000002f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103e809",
            "parentcaller": "0x7ff70103efad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103e819",
            "parentcaller": "0x7ff70103efad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70103efce",
            "parentcaller": "0x7ff70101d7ee",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f4"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff701002642",
            "parentcaller": "0x7ff70101d7f3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff701002642",
            "parentcaller": "0x7ff70101d7f3",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-06-30 02:26:20,370",
            "thread_id": "336",
            "caller": "0x7ff70101d353",
            "parentcaller": "0x7ff70101d7fb",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a9600000"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d353",
            "parentcaller": "0x7ff70101d7fb",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\XmlLite"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a2820000"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d353",
            "parentcaller": "0x7ff70101d7fb",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\UIRibbon"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9870a0000"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d353",
            "parentcaller": "0x7ff70101d7fb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\UIRibbon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9870a0000"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d353",
            "parentcaller": "0x7ff70101d7fb",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "926749FA-2615-4987-8845-C33E65F2B957"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "F4F0385D-6872-43A8-AD09-4C339CB3F5C5"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8a0",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1340",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#1"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8c6",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8c6",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff989740000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8c6",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8c6",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#9"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8d8",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8d8",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff989740000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8d8",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70101d8d8",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#9"
              },
              {
                "name": "Name",
                "value": "#5"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70105d200",
            "parentcaller": "0x7ff70101da67",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff70105d200",
            "parentcaller": "0x7ff70101da67",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff700fe9271",
            "parentcaller": "0x7ff700fe947b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c86c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000350"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\WindowsRuntime"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000354"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ActivatableClassId"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.EnterpriseData.ProtectionPolicyManager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000358"
              },
              {
                "name": "KeyInformation",
                "value": "5s\\x06\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00n\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00E\\x00n\\x00t\\x00e\\x00r\\x00p\\x00r\\x00i\\x00s\\x00e\\x00D\\x00a\\x00t\\x00a\\x00.\\x00P\\x00r\\x00o\\x00t\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00P\\x00o\\x00l\\x00i\\x00c\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00\\x00\\x00\\xff9e\\xffbe\\xffb2  \\xff9b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00x\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\x0e\\xffbc\\xffb2  \\xff9b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0003DIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\xffe0zBIs\\x01\\x00\\x00\\xffc0\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\xffa4L\\xffb5\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffff\\xffffP\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcd$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffe8#\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffe0zBIs\\x01\\x00\\x00\\xffc8\\xffd5\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00s\\x01\\x00\\x00\\xff98$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xff80$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffb0\\xffde\\xffde^\\x1e\\x00\\x00\\x00h\\xffd9\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\xffc0\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\xffe0yBIs\\x01\\x00\\x00\\xffc0\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00@\\xffe0\\xffde^\\x1e\\x00\\x00\\x00\\xffe0zBIs\\x01\\x00\\x0003DIs\\x01\\x00\\x00\\xfff0\\xff9cCIs\\x01\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00$\\x00&\\x00\\x00\\x00\\x00\\x00\\xfffcyBIs\\x01\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb0\\xffde\\xffde^\\x1e\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xffccBIs\\x01\\x00\\x00\\xfff2\\xffd0r\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Server"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000358"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-06-30 02:26:20,385",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a7a90000"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a6230000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\windows.storage.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a6230000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a6331ee0"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a6230000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a63b2b80"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a6230000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a63b9c50"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70102ea94",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1115
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000310"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000310"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb0\\xffa6%\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\xff80\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00S\\x00e\\x00c\\x00u\\x00r\\x00i\\x00t\\x00y\\x00.\\x00E\\x00n\\x00t\\x00e\\x00r\\x00p\\x00r\\x00i\\x00s\\x00e\\x00D\\x00a\\x00t\\x00a\\x00.\\x00P\\x00r\\x00o\\x00t\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00P\\x00o\\x00l\\x00i\\x00c\\x00y\\x00M\\x00a\\x00n\\x00a\\x00g\\x00e\\x00r\\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00P\\x00T\\x00p\\xffebAIs\\x01\\x00\\x00\\x19\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffa0\\x14&Is\\x01\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00\\xffc4\\x02&Is\\x01\\x00\\x00\\xff95\\x00\\x00\\xff95s\\x01\\x00\\x00XU\\xff9b\\xffa9\\xfff9\\x7f\\x00\\x00HRCIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\xff98kp\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00`4DIs\\x01\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00 RCIs\\x01\\x00\\x00`4DIs\\x01\\x00\\x00\\xff90\\xffd8BIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x03@I\\x02\\x00\\x00\\x00\\xffa6Ap\\xffa9\\xfff9\\x7f\\x00\\x00\\xfff0\\xff88DIs\\x01\\x00\\x00\\xff90\\xffd8BIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`4DIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00P}BIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P}BIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xffe0\\xffdf\\xffde^\\x1e\\x00\\x00\\x00\\xffa1Ep\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Server"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\efswrt.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000310"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\xe2\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87\\xf9\\x7f\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x14\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xf8\\xe2\\xde^\\x1e\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfb\\xb0F\\xa8\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a4dc0000"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\efswrt"
              },
              {
                "name": "DllBase",
                "value": "0x7ff988f00000"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\efswrt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff988f00000"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff988f00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\efswrt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "efswrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff988f00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff988f05da0"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "efswrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff988f00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff988f05bc0"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "efswrt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff988f00000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff988f05b50"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.ApplicationModel.Core.CoreApplication"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003a8"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff8aX\\x17\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00Z\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00M\\x00o\\x00d\\x00e\\x00l\\x00.\\x00C\\x00o\\x00r\\x00e\\x00.\\x00C\\x00o\\x00r\\x00e\\x00A\\x00p\\x00p\\x00l\\x00i\\x00c\\x00a\\x00t\\x00i\\x00o\\x00n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x0f\\x00\\x17\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffebAIs\\x01\\x00\\x00\\xffc9\\xffdc\\xffde^\\x1e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffa0\\x14&Is\\x01\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00\\xffc4\\x02&Is\\x01\\x00\\x00\\x0b\\x01\\x00\ns\\x01\\x00\\x00XU\\xff9b\\xffa9\\xfff9\\x7f\\x00\\x008_CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffdd\\xffde^\\x1e\\x00\\x00\\x00\\xff98kp\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00`]CIs\\x01\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x10_CIs\\x01\\x00\\x00`]CIs\\x01\\x00\\x00\\xff90\\xffd2BIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x03@I\\x02\\x00\\x00\\x00\\xffa6Ap\\xffa9\\xfff9\\x7f\\x00\\x00\\xfff0\\xff8aDIs\\x01\\x00\\x00\\xff90\\xffd2BIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`]CIs\\x01\\x00\\x00\\xff80\\xffa3CIs\\x01\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x000pBIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000pBIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xff90\\xffde\\xffde^\\x1e\\x00\\x00\\x00\\xffa1Ep\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-06-30 02:26:20,401",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a10f0000"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a10f0000"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a10f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a10f0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a1142010"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a10f0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a113ead0"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a10f0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a114d8f0"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a12e3000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a12e3000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x17349400b50"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a114f506",
            "parentcaller": "0x7ff9a11109df",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Foundation.Collections.PropertySet"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d0"
              },
              {
                "name": "KeyInformation",
                "value": "<\\x1d\\x1c\\xffce}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00T\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00F\\x00o\\x00u\\x00n\\x00d\\x00a\\x00t\\x00i\\x00o\\x00n\\x00.\\x00C\\x00o\\x00l\\x00l\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00.\\x00P\\x00r\\x00o\\x00p\\x00e\\x00r\\x00t\\x00y\\x00S\\x00e\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00k\\xffb8\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x0c\\x00\t\\x00\\x00\\x00\\x00\\x00G\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffebAIs\\x01\\x00\\x00\\xffc9\\xffea?_\\x1e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffa0\\x14&Is\\x01\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00\\xffc4\\x02&Is\\x01\\x00\\x00\\x07\\x00\\x00\\x07s\\x01\\x00\\x00XU\\xff9b\\xffa9\\xfff9\\x7f\\x00\\x00\\x18^CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff90\\xffeb?_\\x1e\\x00\\x00\\x00\\xff98kp\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00p\\xffddDIs\\x01\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\xfff0]CIs\\x01\\x00\\x00p\\xffddDIs\\x01\\x00\\x00P\\xffd4BIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x03@I\\x02\\x00\\x00\\x00\\xffa6Ap\\xffa9\\xfff9\\x7f\\x00\\x00\\xffc0\\xffdeDIs\\x01\\x00\\x00P\\xffd4BIs\\x01\\x00\\x000\\xffa9CIs\\x01\\x00\\x000\\xffa9CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffddDIs\\x01\\x00\\x000\\xffa9CIs\\x01\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00p\\xffbcDIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00?_\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xffbcDIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xff90\\xffec?_\\x1e\\x00\\x00\\x00\\xffa1Ep\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003d0"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-06-30 02:26:20,417",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4dc0000"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a4dc0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a4dc0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a4dc95a0"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a4dc0000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a4dc9100"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d410",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a4dc0000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a4dd47c0"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4efc000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4efc000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a96de87e",
            "parentcaller": "0x7ff9a970ced5",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1196
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a1119434",
            "parentcaller": "0x7ff9a1118f96",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a11194af",
            "parentcaller": "0x7ff9a1118f96",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\xb0\\xf2DIs\\x01\\x00\\x00 \\x00 \\x00\\x00\\x00\\x00\\x00\\xd8\\xf2DIs\\x01\\x00\\x00\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xf2DIs\\x01\\x00\\x00T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdb#\\x1d\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845ef7c",
            "parentcaller": "0x7ff9a845eb19",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1199
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845f960",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845f984",
            "parentcaller": "0x7ff9a845eb81",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\XAML"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e5d4",
            "parentcaller": "0x7ff9a115164d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              },
              {
                "name": "ValueName",
                "value": "OneCoreTransformsEnabledByDefault"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a845e608",
            "parentcaller": "0x7ff9a115164d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d0"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9a8462d8a",
            "parentcaller": "0x7ff9a970b7c6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a9530000"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "3932",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c4"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c86d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349450000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349452000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349454000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "AppID\\mspaint.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\mspaint.exe"
              }
            ],
            "repeated": 1,
            "id": 1225
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003d8"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\x17DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d8"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00002100"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003dc"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00001198"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.4504"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349457000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "Handle",
                "value": "0x000003e6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003e6"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ea"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e6"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x80DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-06-30 02:26:20,432",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0|DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "hOEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xa9CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\x1e\\xab\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xd0\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xc8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\x98\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xb8\\xd7\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xa9CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x81DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\x84DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\xadU?\\xac\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00e\\x00s\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8PEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x9aCIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfe\\xaf\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x000\\xd4\\xde^\\x1e\\x00\\x00\\x00(\\xd4\\xde^\\x1e\\x00\\x00\\x00\\xf8\\xd3\\xde^\\x1e\\x00\\x00\\x00\\x18\\xd4\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x9aCIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x18\\xd2\\xde^\\x1e\\x00\\x00\\x00\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e4"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e8"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a96b0000"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x1734942ce10"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3680"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000003d4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x1734942ce10"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3680"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x87DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00w\\x00i\\x00n\\x00t\\x00y\\x00p\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p\\x81DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18QEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xa5CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00n\\xb7\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xa0\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x98\\xdb\\xde^\\x1e\\x00\\x00\\x00h\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x88\\xdb\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xa5CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd9\\xde^\\x1e\\x00\\x00\\x00\\xf0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x83DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P}DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00W\\x00i\\x00n\\x00T\\x00y\\x00p\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "3680",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "3680",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x1734942ce10"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8REIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "3680",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349459000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xa3CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xce\\xab\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\x00\\xd8\\xde^\\x1e\\x00\\x00\\x00\\xf8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xc8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xe8\\xd7\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xf0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x80DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p~DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "8REIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xa3CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00n\\xb7\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xa0\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x98\\xdb\\xde^\\x1e\\x00\\x00\\x00h\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x88\\xdb\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd9\\xde^\\x1e\\x00\\x00\\x00\\xd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\x85DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00t\\x00w\\x00i\\x00n\\x00a\\x00p\\x00i\\x00.\\x00a\\x00p\\x00p\\x00c\\x00o\\x00r\\x00"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10{DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98OEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xa6CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xce\\xab\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\x00\\xd8\\xde^\\x1e\\x00\\x00\\x00\\xf8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xc8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xe8\\xd7\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xa6CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H\\x83DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P}DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00W\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00W\\x00i\\x00n\\x00T\\x00y\\x00p\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "hOEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8\\xa0CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00n\\xb7\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xa0\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x98\\xdb\\xde^\\x1e\\x00\\x00\\x00h\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x88\\xdb\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\xa0CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd9\\xde^\\x1e\\x00\\x00\\x00\\xf0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\x83DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90yDIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08OEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xa5CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xce\\xab\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\x00\\xd8\\xde^\\x1e\\x00\\x00\\x00\\xf8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xc8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xe8\\xd7\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xa5CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xf0\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000003f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8~DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P}DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00U\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08UEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xa3CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00n\\xb7\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xa0\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x98\\xdb\\xde^\\x1e\\x00\\x00\\x00h\\xdb\\xde^\\x1e\\x00\\x00\\x00\\x88\\xdb\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x88\\xd9\\xde^\\x1e\\x00\\x00\\x00\\xd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "h~DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x82DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8TEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x9eCIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xce\\xab\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\x00\\xd8\\xde^\\x1e\\x00\\x00\\x00\\xf8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xc8\\xd7\\xde^\\x1e\\x00\\x00\\x00\\xe8\\xd7\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x9eCIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xe8\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xd4\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734945a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f0"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734945c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "3932",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "3932",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734945e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{C50898F6-C536-5F47-8583-8B2C2438A13B}"
              },
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C50898F6-C536-5F47-8583-8B2C2438A13B}"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003fe"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xc2\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00@\\xc3\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003fe"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-06-30 02:26:20,448",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc0\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xc1\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xc0\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xc1\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbf\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\xc0\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Ptype_PSFactory"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003fe"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbd\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x90\\xbe\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xbd\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x90\\xbe\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003fe"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbc\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xfe\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xbd\\xde^\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fe"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003fe"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x00000406"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000406"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000406"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fe"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              },
              {
                "name": "Handle",
                "value": "0x0000040a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000040a"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040a"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000408"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "(yDIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "p~DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\\\x00U\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18TEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xa5CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\x9e\\xb4\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xd9\\xde^\\x1e\\x00\\x00\\x00H\\xd9\\xde^\\x1e\\x00\\x00\\x00\\x18\\xd9\\xde^\\x1e\\x00\\x00\\x008\\xd9\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\xa5CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xd7\\xde^\\x1e\\x00\\x00\\x00\\x0c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "H}DIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\x82DIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08UEIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xa3CIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00~\\xa9\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xb0\\xd5\\xde^\\x1e\\x00\\x00\\x00\\xa8\\xd5\\xde^\\x1e\\x00\\x00\\x00x\\xd5\\xde^\\x1e\\x00\\x00\\x00\\x98\\xd5\\xde^"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xa3CIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xd3\\xde^\\x1e\\x00\\x00\\x00\\x0c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058f05",
            "parentcaller": "0x7ff70101db0c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff70107cbf5",
            "parentcaller": "0x7ff700fe7c70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c86e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff70107cbf5",
            "parentcaller": "0x7ff700fe7c70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c86f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff70107cbf5",
            "parentcaller": "0x7ff700fe7c70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff70101dc25",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x17349447a40",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x7c67448d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0812"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff70101dcdb",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701029678",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701029678",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701029678",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701029678",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701058d64",
            "parentcaller": "0x7ff70105823e",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000074"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9aa3d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3da190"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3efe60"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349460000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003fc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000040c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734ca50000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded440"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff701019a3a",
            "parentcaller": "0x7ff701019892",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-06-30 02:26:20,464",
            "thread_id": "4776",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000410"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\sti"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99dff0000"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sti.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99dff0000"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wiatrace"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a4220000"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "wiatrace.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4220000"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-security-sddl-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa510000"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetLocalTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9e53",
            "parentcaller": "0x7ff700ff8d58",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A1F4E726-8CF1-11D1-BF92-0060081ED811"
              },
              {
                "name": "ClsContext",
                "value": "0x00004017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER|CLSCTX_NO_FAILURE_LOG"
              },
              {
                "name": "riid",
                "value": "5EB2502A-8CF1-11D1-BF92-0060081ED811"
              },
              {
                "name": "ProgID",
                "value": "WiaDevMgr.1"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a92a0000"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a92a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a92a0000"
              },
              {
                "name": "FunctionName",
                "value": "ObjectStublessClient3"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a97d38b0"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349468000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-06-30 02:26:23,682",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}"
              },
              {
                "name": "Handle",
                "value": "0x0000042a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000042a"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000042e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{4DB1AD10-3391-11D2-9A33-00C04FA36145}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042e"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042a"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349469000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9d93",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9db0",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9db0",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a92a0000"
              },
              {
                "name": "FunctionName",
                "value": "ObjectStublessClient7"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a97d38f0"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9db0",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9db0",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9db0",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9dd5",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-06-30 02:26:23,698",
            "thread_id": "336",
            "caller": "0x7ff700ff9dd5",
            "parentcaller": "0x7ff700ff9e6c",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9530000"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a9530000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a9530000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a95422e0"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a95f8000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a95f8000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a92a0000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a96dc030"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-06-30 02:26:23,714",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "System\\CurrentControlSet\\Services\\StiSvc"
              },
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\StiSvc"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "ValueName",
                "value": "ObjectName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName"
              }
            ],
            "repeated": 2,
            "id": 1565
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              },
              {
                "name": "ValueName",
                "value": "ObjectName"
              },
              {
                "name": "Data",
                "value": "NT Authority\\LocalService"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734946d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-06-30 02:26:23,729",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1571
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x1f\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x1f\\x1f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1574
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "\r\n**************** Started trace for Module: [sti.dll] in Executable [mspaint.exe] ProcessID: [4504] at 2026/06/29 19:26:23:693 ****************\r\n"
              },
              {
                "name": "Length",
                "value": "146"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\xb1\\x1f\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-06-30 02:26:23,745",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb1\\x1f\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1580
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 47 0 0 [sti.dll] AsyncRPCEventTransport::OpenConnectionToServer, AsyncRPC Connection established to server\r\n"
              },
              {
                "name": "Length",
                "value": "122"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00t!\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "t!\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1587
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 78 0 0 [sti.dll] AsyncRPCEventTransport::OpenConnectionToServer, Got my context 00000173494550E0 from server\n\r\n"
              },
              {
                "name": "Length",
                "value": "125"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000042c"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "sti.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99dff0000"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000042c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff99dff6b20"
              },
              {
                "name": "Parameter",
                "value": "0x1734c86fc00"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4516"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              },
              {
                "name": "Module",
                "value": "sti.dll"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000042c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff99dff6b20"
              },
              {
                "name": "Parameter",
                "value": "0x1734c86fc00"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4516"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xf1!\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff99dff6b20"
              },
              {
                "name": "Parameter",
                "value": "0x1734c86fc00"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a8494d86",
            "parentcaller": "0x7ff99dff6353",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a8494d86",
            "parentcaller": "0x7ff99dff6578",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf1!\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 1601
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 78 0 0 [sti.dll] WiaEventReceiver::Start, WiaEventReceiver Started...\r\n"
              },
              {
                "name": "Length",
                "value": "85"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a4221390",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a4221390",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a9530000"
              },
              {
                "name": "FunctionName",
                "value": "BSTR_UserSize64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9536670"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a9530000"
              },
              {
                "name": "FunctionName",
                "value": "BSTR_UserMarshal64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9536230"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a84943ab",
            "parentcaller": "0x7ff9a42213bf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00F\"\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a849430b",
            "parentcaller": "0x7ff9a42213bf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "F\"\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1613
          },
          {
            "timestamp": "2026-06-30 02:26:23,760",
            "thread_id": "4516",
            "caller": "0x7ff9a845aa86",
            "parentcaller": "0x7ff9a4221423",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.4516 78 0 0 [sti.dll] AsyncRPCEventTransport::CloseNotificationChannel, Closing the async notification channel...\r\n"
              },
              {
                "name": "Length",
                "value": "125"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "4516",
            "caller": "0x7ff9a8464cad",
            "parentcaller": "0x7ff9a4221432",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "4516",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000438"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xf4#\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf4#\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1620
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 94 0 0 [sti.dll] AsyncRPCEventTransport::SendRegisterUnregisterInfo, Sent RPC Register/Unregister information.\r\n"
              },
              {
                "name": "Length",
                "value": "126"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00r$\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "r$\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1626
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 94 0 0 [sti.dll] WiaEventReceiver::SendRegisterUnregisterInfo, Added new registration:\r\n"
              },
              {
                "name": "Length",
                "value": "102"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a92a0000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromGUID2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a9708510"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e038000"
              },
              {
                "name": "ModuleName",
                "value": "sti.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-06-30 02:26:23,776",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xd8$\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd8$\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1635
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 94 0 0 [sti.dll] EventRegistrationInfo::Dump, dwFlags: 0x00000000, guidEvent: {A28BBADE-64B6-11D2-A231-00C04FA31809}, bstrDeviceID: *, callback: 0x000001734C86FCA0\r\n"
              },
              {
                "name": "Length",
                "value": "179"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9e9a",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a4221390",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a4221390",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a84943ab",
            "parentcaller": "0x7ff9a42213bf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x8b%\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a849430b",
            "parentcaller": "0x7ff9a42213bf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x8b%\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1641
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a845aa86",
            "parentcaller": "0x7ff9a4221423",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.4516 110 0 0 [sti.dll] AsyncRPCEventTransport::OpenNotificationChannel, Opening the async notification channel...\r\n"
              },
              {
                "name": "Length",
                "value": "125"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a8464cad",
            "parentcaller": "0x7ff9a4221432",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "4516",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff99dff6bc6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000428"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xb0'\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-06-30 02:26:23,792",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0'\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1649
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 110 0 0 [sti.dll] AsyncRPCEventTransport::SendRegisterUnregisterInfo, Sent RPC Register/Unregister information.\r\n"
              },
              {
                "name": "Length",
                "value": "127"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00/(\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "/(\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1655
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 125 0 0 [sti.dll] WiaEventReceiver::SendRegisterUnregisterInfo, Added new registration:\r\n"
              },
              {
                "name": "Length",
                "value": "103"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              },
              {
                "name": "Milliseconds",
                "value": "10000"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x96(\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x96(\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 1661
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000420"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\debug\\WIA\\wiatrace.log"
              },
              {
                "name": "Buffer",
                "value": "WIA: 4504.336 125 0 0 [sti.dll] EventRegistrationInfo::Dump, dwFlags: 0x00000000, guidEvent: {143E4E83-6497-11D2-A231-00C04FA31809}, bstrDeviceID: *, callback: 0x000001734C86FCA0\r\n"
              },
              {
                "name": "Length",
                "value": "180"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ec8",
            "parentcaller": "0x7ff700ff8d58",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000041c"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ee7",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff700ff9ee7",
            "parentcaller": "0x7ff700ff8d58",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1340",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#1"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#31234"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff989740000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#31234"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#31234"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#22"
              },
              {
                "name": "Name",
                "value": "#31234"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d178",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#2"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1671
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdb8b00",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d178"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c688",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#14"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdb6c68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c688"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-06-30 02:26:23,807",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b12e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#2"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1677
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x173493b1aa0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x173493b12e0"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x0025034b",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "5",
                "pretty_value": "WH_CBT"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x7ff989747ff0"
              },
              {
                "name": "ModuleAddress",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d178",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#2"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdb8b00",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d178"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c6a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#16"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdb8698",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c6a8"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 8,
            "id": 1686
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-06-30 02:26:23,823",
            "thread_id": "336",
            "caller": "0x7ff70101a0d0",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101a0d0",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101a0d0",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#22"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff70103bb71",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70103bc12",
            "parentcaller": "0x7ff70103b47f",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1900",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3152"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1693
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70103bc86",
            "parentcaller": "0x7ff70103b47f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70103bc86",
            "parentcaller": "0x7ff70103b47f",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff70103bb71",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70103bc12",
            "parentcaller": "0x7ff70103b47f",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1900",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3152"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1697
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101a0d0",
            "parentcaller": "0x7ff7010296ab",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c0414"
              },
              {
                "name": "Message",
                "value": "0x00000362"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff701054068",
            "parentcaller": "0x7ff70101b3f8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0F7434B6-59B6-4250-999E-D168D6AE4293"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "18ABA7F3-4C1C-4BA2-BF6C-F5C3326FA816"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101c6f5",
            "parentcaller": "0x7ff70101c435",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c874000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3eadc0"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x1734d000002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\UIRibbonRes.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000022"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-06-30 02:26:23,839",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349474000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "32665929-D77E-4AB5-8C08-FBF409B8A233"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "D19F56D0-3FCB-4BC0-9481-B4434F8F13AA"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x1734d200000",
            "arguments": [
              {
                "name": "Options",
                "value": "1"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 5,
            "id": 1709
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d202000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SwitchToThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3eb400"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "TryEnterCriticalSection"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa107e0"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SetCriticalSectionSpinCount"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa61510"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c875000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\atlthunk"
              },
              {
                "name": "DllBase",
                "value": "0x7ff995fc0000"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "atlthunk.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff995fc0000"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff995fc0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "atlthunk.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff995fc0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_AllocateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff995fc4300"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff995fc0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_InitData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff995fc4590"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff995fc0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_DataToCode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff995fc4010"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "atlthunk.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff995fc0000"
              },
              {
                "name": "FunctionName",
                "value": "AtlThunk_FreeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff995fc45b0"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x00110167",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "3",
                "pretty_value": "WH_GETMESSAGE"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x7ff9870b3400"
              },
              {
                "name": "ModuleAddress",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x00230499",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "4",
                "pretty_value": "WH_CALLWNDPROC"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x7ff9870b3620"
              },
              {
                "name": "ModuleAddress",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\UIRibbon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9870a0000"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-06-30 02:26:23,854",
            "thread_id": "336",
            "caller": "0x7ff70101b47d",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9870a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\UIRibbon.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff994050000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 8,
            "id": 1732
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006be8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2500"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00b978",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000009fa",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349479000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c148",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "MSPAINT_RIBBON"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734947b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-06-30 02:26:23,870",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 1740
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000066"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 7,
            "id": 1743
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c876000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\mspaint.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\mspaint.exe"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2714"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa792380"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2501"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006bf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2501"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00c378",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006bf8"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000d85",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006bf8"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734947e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734947f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349480000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349481000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349483000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349485000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734948c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734948d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734948e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349490000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349493000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349495000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349497000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17349499000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-06-30 02:26:23,885",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734949b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734949d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734949f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d205000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d206000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d207000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d208000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d209000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d20a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d20b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d20c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d20d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\UIRibbon.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000448"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\UIRibbon.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000440"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c990000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edeae90"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1826
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1828
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "dwmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dwmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dwmapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dwmapi.dll"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000045c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f48000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f3a000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0PBIs\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xeb\\xa4\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\xc1\\xee\\xa4\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88V\\xeb\\xa4\\xf9\\x7f\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00i\\x00n\\x00d\\x00o\\x00\\x02\\x00\\x00\\x00\\\\x00S\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00M\\x003\\x002\\x00\\\\x00\\x02\\x00\\x00\\x00n\\x00t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00d\\x00l\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dwmapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000440"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-06-30 02:26:23,901",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dwmapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a5f20000"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\dwmapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f20000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a5f24d40"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1853
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1855
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000b049a"
              },
              {
                "name": "Message",
                "value": "0x00000401"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-06-30 02:26:23,917",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-06-30 02:26:23,932",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "SCENIC_UXHWNDEFFECTSMANAGER_WINDOW_PROP"
              },
              {
                "name": "Atom",
                "value": "0x0000c085"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-06-30 02:26:23,932",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006be8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2500"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-06-30 02:26:23,932",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00b978",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-06-30 02:26:23,932",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000009fa",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5bea000"
              },
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5bea000"
              },
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfed1b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c148"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000054dc",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c148"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x9b2020b2fa7e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c877000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c879000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x9b2020b2fa7e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c87b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c87e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c881000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c882000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c885000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-06-30 02:26:23,948",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c887000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c889000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2f8ce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x173494f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006be8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2500"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00b978",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000009fa",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006be8"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2c44e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c88b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2f92e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c88c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2c6ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2c6ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2c6ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x9b2020b2fe4e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c88e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 1,
            "id": 1916
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff987439000"
              },
              {
                "name": "ModuleName",
                "value": "UIRibbon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70102e5e7",
            "parentcaller": "0x7ff701054368",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "software"
              },
              {
                "name": "Handle",
                "value": "0x00000468"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\software"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70102e5e7",
            "parentcaller": "0x7ff701054368",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000468"
              },
              {
                "name": "SubKey",
                "value": "Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70102e5e7",
            "parentcaller": "0x7ff701054368",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000046c"
              },
              {
                "name": "SubKey",
                "value": "Paint"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "Handle",
                "value": "0x00000470"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70102e5e7",
            "parentcaller": "0x7ff701054368",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000468"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70102e5e7",
            "parentcaller": "0x7ff701054368",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff701052e67",
            "parentcaller": "0x7ff70105437b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000470"
              },
              {
                "name": "SubKey",
                "value": "Ribbon"
              },
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff701052ead",
            "parentcaller": "0x7ff70105437b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "QatItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff701053eb0",
            "parentcaller": "0x7ff701052f05",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "QatItems"
              },
              {
                "name": "Data",
                "value": "<siq:customUI xmlns:siq=\"http://schemas.microsoft.com/windows/2009/ribbon/qat\"><siq:ribbon minimized=\"false\"><siq:qat position=\"0\"><siq:sharedControls><siq:control idQ=\"siq:20002\" visible=\"false\" argument=\"0\"/><siq:control idQ=\"siq:20003\" visible=\"false\" a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff7010530f8",
            "parentcaller": "0x7ff701053241",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\msxml6"
              },
              {
                "name": "DllBase",
                "value": "0x7ff994e80000"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff7010530f8",
            "parentcaller": "0x7ff701053241",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msxml6.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994e80000"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff7010530f8",
            "parentcaller": "0x7ff701053241",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "88D96A06-F192-11D4-A65F-0040963251E5"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "2933BF81-7B36-11D2-B20E-00C04F983E60"
              },
              {
                "name": "ProgID",
                "value": "Msxml2.FreeThreadedDOMDocument.6.0"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70105305f",
            "parentcaller": "0x7ff7010531ac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9950ae000"
              },
              {
                "name": "ModuleName",
                "value": "msxml6.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-06-30 02:26:23,964",
            "thread_id": "336",
            "caller": "0x7ff70105305f",
            "parentcaller": "0x7ff7010531ac",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9950ae000"
              },
              {
                "name": "ModuleName",
                "value": "msxml6.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70105327f",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70105327f",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70105327f",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70105327f",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70105327f",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff7010532fc",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff7010532fc",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff7010532fc",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701053378",
            "parentcaller": "0x7ff701052f11",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d6dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701053378",
            "parentcaller": "0x7ff701052f11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701053378",
            "parentcaller": "0x7ff701052f11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701053378",
            "parentcaller": "0x7ff701052f11",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701052f2c",
            "parentcaller": "0x7ff70105437b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701052f88",
            "parentcaller": "0x7ff70105437b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701052f88",
            "parentcaller": "0x7ff70105437b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701052f88",
            "parentcaller": "0x7ff70105437b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff701054388",
            "parentcaller": "0x7ff70101b4a7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x9b2020b2c03e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x9b2020b2c03e",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x9b2020b2c03e",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2fc3e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c894000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1963
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2f2fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1969
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2ffee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c897000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2ff7e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 1973
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2ef3e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 5,
            "id": 1975
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2fb3e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c89a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9aa9f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "Ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "WinSqmAddToStreamEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6fec0"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2c5fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#6112"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2e65e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\windowscodecs"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99cf00000"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-06-30 02:26:23,979",
            "thread_id": "336",
            "caller": "0x9b2020b2e65e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windowscodecs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99cf00000"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#6112"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x7ff98743bc40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#6112"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x7ff98744dc60",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bc40"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000436",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bc40"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f8ae",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f94e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f91e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f94e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f95e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2fc4e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              },
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "Data",
                "value": "Microsoft Corporation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "Data",
                "value": "Microsoft Raw Image Decoder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "10.0.19041.746"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "Data",
                "value": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\MSRAWImage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f80e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ff9e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2ff9e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "Data",
                "value": "{FE99CE60-F19C-433C-A3AE-00ACEFA9CA21}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "DeviceManufacturer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "DeviceModels"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "Data",
                "value": "image/3FR,image/ARI,image/ARW,image/BAY,image/CAP,image/CR2,image/CR3,image/CRW,image/DCS,image/DCR,image/DRF,image/EIP,image/ERF,image/FFF,image/IIQ,image/K25,image/KDC,image/MEF,image/MOS,image/MRW,image/NEF,image/NRW,image/ORF,image/ORI,image/PEF,image/"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "Data",
                "value": ".3FR,.ARI,.ARW,.BAY,.CAP,.CR2,.CR3,.CRW,.DCS,.DCR,.DRF,.EIP,.ERF,.FFF,.IIQ,.K25,.KDC,.MEF,.MOS,.MRW,.NEF,.NRW,.ORF,.ORI,.PEF,.PTX,.PXN,.RAF,.RAW,.RW2,.RWL,.SR2,.SRF,.SRW,.X3F,.DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportAnimation"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportChromakey"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportLossless"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-06-30 02:26:23,995",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportMultiframe"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ArbitrationPriority"
              },
              {
                "name": "Data",
                "value": "10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff2e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "Formats"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats\\"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "Patterns"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "13"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "13"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "14"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "14"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-06-30 02:26:24,010",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2f29e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c89d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MM\\x00*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II*\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMMMRaw\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x08\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "13"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "13"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FOVb"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "14"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "14"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-06-30 02:26:24,026",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "ftypcrx "
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMOR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMSR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II\\x1a\\x00\\x00\\x00HE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FUJIFILM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "\\x00MRM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIII\\x00waR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000492"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f80e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f88e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f96e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f91e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f94e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2f95e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2fc4e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              },
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Author"
              },
              {
                "name": "Data",
                "value": "Microsoft Corporation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FriendlyName"
              },
              {
                "name": "Data",
                "value": "Microsoft Camera Raw Decoder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Version"
              },
              {
                "name": "Data",
                "value": "10.0.19041.1165"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-06-30 02:26:24,042",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SpecVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ffde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ffde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "Vendor"
              },
              {
                "name": "Data",
                "value": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ffae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\WindowsCodecsRaw.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f80e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff9e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff9e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ContainerFormat"
              },
              {
                "name": "Data",
                "value": "{C1FC85CB-D64F-478B-A4EC-69ADC9EE1392}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "DeviceManufacturer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "DeviceModels"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ColorManagementVersion"
              },
              {
                "name": "Data",
                "value": "1.0.0.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "MimeTypes"
              },
              {
                "name": "Data",
                "value": "image/ARW,image/CR2,image/CRW,image/ERF,image/KDC,image/MRW,image/NEF,image/NRW,image/ORF,image/PEF,image/RAF,image/RAW,image/RW2,image/RWL,image/SR2,image/SRW,image/DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "FileExtensions"
              },
              {
                "name": "Data",
                "value": ".ARW,.CR2,.CRW,.ERF,.KDC,.MRW,.NEF,.NRW,.ORF,.PEF,.RAF,.RAW,.RW2,.RWL,.SR2,.SRW,.DNG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportAnimation"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportChromakey"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportLossless"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "SupportMultiframe"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              },
              {
                "name": "ValueName",
                "value": "ArbitrationPriority"
              },
              {
                "name": "Data",
                "value": "9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff2e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "Formats"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90C}"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90D}"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90E}"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC90F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC90F}"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC910}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC910}"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC915}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC915}"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC916}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC916}"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{6FDDC324-4E03-4BFE-B185-3D77768DC917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\{6FDDC324-4E03-4BFE-B185-3D77768DC917}"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fffe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats\\"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2f86e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000047e"
              },
              {
                "name": "SubKey",
                "value": "Patterns"
              },
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-06-30 02:26:24,057",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "0"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MM\\x00*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "1"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II*\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "10"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "10"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMMMRaw\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "11"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "11"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x08\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "12"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "12"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIU\\x00\\x18\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-06-30 02:26:24,073",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "2"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "2"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "3"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "3"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIRS"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "4"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "4"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMOR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "5"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "5"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "MMSR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "6"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "6"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "II\\x1a\\x00\\x00\\x00HE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "7"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "FUJIFILM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "8"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "\\x00MRM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "9"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2febe",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000486"
              },
              {
                "name": "SubKey",
                "value": "9"
              },
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Position"
              },
              {
                "name": "Data",
                "value": "8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "EndOfStream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Pattern"
              },
              {
                "name": "Data",
                "value": "IIII\\x00waR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fede",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              },
              {
                "name": "ValueName",
                "value": "Mask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff0e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f80e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000486"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f88e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047e"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f96e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f91e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f96e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ff5e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c89e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f35e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c89f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-06-30 02:26:24,089",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{3697790B-223B-484E-9925-C4869218F17A}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{3697790B-223B-484E-9925-C4869218F17A}"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3697790B-223B-484E-9925-C4869218F17A}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3697790B-223B-484E-9925-C4869218F17A}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fc2e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f18e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-06-30 02:26:24,104",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f18e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{AABFB2FA-3E1E-4A8F-8977-5556FB94EA23}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{AABFB2FA-3E1E-4A8F-8977-5556FB94EA23}"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AABFB2FA-3E1E-4A8f-8977-5556FB94EA23}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AABFB2FA-3E1E-4A8f-8977-5556FB94EA23}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}"
              },
              {
                "name": "Handle",
                "value": "0x0000048e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe1e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000048e"
              },
              {
                "name": "SubKey",
                "value": "Containers"
              },
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}\\Containers"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2feee",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}\\Containers\\"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2fe3e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046e"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2ffce",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048e"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{ACDDFC3F-85EC-41BC-BDEF-1BC262E4DB05}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{ACDDFC3F-85EC-41BC-BDEF-1BC262E4DB05}"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-06-30 02:26:24,120",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{2438DE3D-94D9-4BE8-84A8-4DE95A575E75}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{2438DE3D-94D9-4BE8-84A8-4DE95A575E75}"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{076F9911-A348-465C-A807-A252F3F2D3DE}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{076F9911-A348-465C-A807-A252F3F2D3DE}"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f18e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{85A10B03-C9F6-439F-BE5E-C0FBEF67807C}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{85A10B03-C9F6-439F-BE5E-C0FBEF67807C}"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2fc3e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2fcde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{05AF94D8-7174-4CD2-BE4A-4124B80EE4B8}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{05AF94D8-7174-4CD2-BE4A-4124B80EE4B8}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f8fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000048c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f94e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f95e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edea070"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c9f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edea070"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2f83e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000048c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734ca00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edea070"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2fdee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c5fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#6119"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#6119"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x7ff98743bcb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#6119"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x7ff98744fdf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bcb0"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000044c",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bcb0"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2fc1e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2fdee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c5fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#6126"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#6126"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x7ff98743bd20",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#6126"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x7ff987452048",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bd20"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c78e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000cd",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bd20"
              }
            ],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#6105"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#6105"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x7ff98743bbd0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "Type",
                "value": "PNG"
              },
              {
                "name": "Name",
                "value": "#6105"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x7ff98744c2c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bbd0"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001cd",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff9870a0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x7ff98743bbd0"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001002"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "48"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd993f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40701"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000f2",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd993f8"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1c0c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd993f8"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#44"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99438",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40711"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000f6",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99438"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1c508",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99438"
              }
            ],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#44"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99538",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40751"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000183",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99538"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1d4d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99538"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#44"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd994f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40741"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000c4",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd994f8"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1ca50",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd994f8"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd994b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40731"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000010c",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd994b8"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1de10",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd994b8"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99478",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40721"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-06-30 02:26:24,135",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000136",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99478"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1ce68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99478"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99578",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40761"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000017b",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99578"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1e448",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99578"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd995b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40771"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000102",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd995b8"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1ec38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd995b8"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd995f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40781"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000126",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd995f8"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1f1a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd995f8"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99638",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40791"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001a6",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99638"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce1f710",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99638"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99678",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40801"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000016f",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99678"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce20040",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99678"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701056242",
            "parentcaller": "0x7ff701055548",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd998f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40901"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000155",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd998f8"
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce20830",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd998f8"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd998b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40891"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000129",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd998b8"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce20f08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd998b8"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99938",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40911"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000142",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99938"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce215c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99938"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99978",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40921"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000143",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99978"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce21c58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99978"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40841"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000013b",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99778"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce22330",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99778"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd997b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40851"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000170",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd997b8"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce22b50",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd997b8"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd997f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40861"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000160",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd997f8"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce233e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd997f8"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99738",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40831"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000140",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99738"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce244c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99738"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#45"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd996b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40811"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000019c",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd996b8"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce23bc0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd996b8"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#46"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd996f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40821"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001de",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd996f8"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce24b78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd996f8"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#46"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99838",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40871"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001a7",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99838"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce25630",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99838"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#46"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701056fab",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99878",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40881"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000195",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99878"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701056fab",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce25f88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99878"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x7ff7010570ad",
            "parentcaller": "0x9b2020b2f99e",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#46"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x9b2020b2fb3e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d006c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "UIFile"
              },
              {
                "name": "Name",
                "value": "#2502"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x9b2020b2fb3e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d00d100",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-06-30 02:26:24,151",
            "thread_id": "336",
            "caller": "0x9b2020b2fb3e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00002902",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d006c08"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2fd0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x7ff7010561d5",
            "parentcaller": "0x7ff701055f15",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x7ff701056c47",
            "parentcaller": "0x9b2020b2f23e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x7ff7010561d5",
            "parentcaller": "0x7ff701055f15",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2f32e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2f37e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60005"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99d38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60005"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf2b278",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99d38"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000220",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99d38"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2fe4e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2fcee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60001"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99cf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60001"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf2ac50",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99cf8"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000010f",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99cf8"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60013"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99db8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60013"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf2d170",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99db8"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000007a2",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99db8"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60009"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99d78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60009"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf2bda8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99d78"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002a8",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99d78"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60021"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99e38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60021"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf30e90",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99e38"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000046a",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99e38"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60017"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd99df8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60017"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf30308",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99df8"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000254",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99df8"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60101"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60101"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf55a60",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a338"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000007b2",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a338"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60097"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60097"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf548a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a2f8"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000012c",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a2f8"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c41e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60125"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a4b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60125"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf62360",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a4b8"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000521",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a4b8"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c41e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60121"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a478",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60121"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf61670",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a478"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c62e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001d6",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a478"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60141"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a5b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60141"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf69730",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a5b8"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002e9",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a5b8"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60137"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9a578",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60137"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf68f50",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a578"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c68e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000127",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9a578"
              }
            ],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c508",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#38001"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfe6c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c508"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c548",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#38005"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c4fe",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfe90f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c548"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c40e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d7ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60249"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ac78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60249"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9b838",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ac78"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000016a",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ac78"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60253"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9acb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60253"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9c320",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9acb8"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9acb8"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60257"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9acf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60257"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9c5e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9acf8"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001e6",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9acf8"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60261"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ad38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60261"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9d3a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ad38"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000250",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ad38"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2fdbe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d802000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60265"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-06-30 02:26:24,167",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ad78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60265"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9e4f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ad78"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001d0",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ad78"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60269"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9adb8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60269"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9f108",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9adb8"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000005f",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9adb8"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60273"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9adf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60273"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9f2b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9adf8"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001ba",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9adf8"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c7de",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60277"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ae38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60277"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cf9fdd8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ae38"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c1ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000252",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ae38"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2fa1e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d804000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2f1fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d809000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2f11e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d80c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60337"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b1f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60337"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfad540",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b1f8"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001bb",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b1f8"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2f3ce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d80f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60341"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b238",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60341"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfae1d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b238"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000016d",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b238"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2fa3e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60329"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-06-30 02:26:24,182",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b178",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60329"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaac80",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b178"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000412",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b178"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fa3e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60325"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b138",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60325"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaa198",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b138"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ce",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000016a",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b138"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60381"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b4b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60381"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb1db0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b4b8"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000127",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b4b8"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60385"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b4f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60385"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb2548",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b4f8"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000d4",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b4f8"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60389"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b538",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60389"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb2a00",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b538"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000158",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b538"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60357"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000104",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf5c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60353"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf300",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60413"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b6b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60413"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb6310",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b6b8"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001a3",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b6b8"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f36e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d811000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60417"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b6f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60417"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb6eb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b6f8"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001bd",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b6f8"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60421"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b738",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60421"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb7b28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b738"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000016d",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b738"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60425"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60425"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb85f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b778"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000013e",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b778"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60429"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b7b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60429"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb8f10",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b7b8"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000113",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b7b8"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f36e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d813000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60433"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b7f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60433"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfb98b0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b7f8"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c50e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002b8",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b7f8"
              }
            ],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60441"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b878",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60441"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbb7a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b878"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000044d",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b878"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f35e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d815000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60437"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b838",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60437"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbab90",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b838"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001d0",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b838"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60445"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b8b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60445"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbd308",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b8b8"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000191",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b8b8"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60449"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b8f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60449"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbdd90",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b8f8"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000283",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b8f8"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60441"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b878",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60441"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbb7a8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b878"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000044d",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b878"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60437"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b838",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60437"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbab90",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b838"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001d0",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b838"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f59e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d817000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f18e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d81a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f80e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d81d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f81e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d821000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2f8de",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d829000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-06-30 02:26:24,198",
            "thread_id": "336",
            "caller": "0x9b2020b2c4ae",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "375"
              },
              {
                "name": "y",
                "value": "294"
              }
            ],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f0de",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d838000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f34e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d83b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2ffee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f0de",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d843000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f0de",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d846000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c40e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d849000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60457"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b978",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60457"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbf0c0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b978"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000075",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b978"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f35e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d84c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fb6e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60453"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b938",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60453"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbef10",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b938"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c57e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000005f",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b938"
              }
            ],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fb0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d84e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60465"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b9f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60465"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbfe18",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b9f8"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000438",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b9f8"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60461"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9b9b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60461"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfbf2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b9b8"
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000001ba",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b9b8"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f37e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f25e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f6be",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f59e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f4de",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f77e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f25e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f6fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2e97e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f73e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f5ce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f6ae",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f73e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2e97e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2ffde",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d853000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2ffee",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d856000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f28e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f31e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fe2e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d85b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fe5e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f3fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d865000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60473"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ba78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60473"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfc26e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ba78"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000052e",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ba78"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2fcae",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f2ce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-06-30 02:26:24,214",
            "thread_id": "336",
            "caller": "0x9b2020b2f3ce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d868000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2fbde",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#60469"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x1734cd9ba38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "IMAGE"
              },
              {
                "name": "Name",
                "value": "#60469"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfc1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ba38"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2c5ee",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000252",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ba38"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2fdbe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d86a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2f75e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2f75e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              },
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000047c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "67"
              },
              {
                "name": "MaxValueNameLength",
                "value": "27"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2e06e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d88b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "Lucida Sans Unicode"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lucida Sans Unicode"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "Microsoft Sans Serif"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft Sans Serif"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "Tahoma"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Tahoma"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Light"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI Semibold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Segoe UI Semibold"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "Ebrima"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Ebrima"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "Ebrima Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Ebrima Bold"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": "Gadugi"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gadugi"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "ValueName",
                "value": "Gadugi Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gadugi Bold"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "ValueName",
                "value": "Khmer UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Khmer UI"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "ValueName",
                "value": "Khmer UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Khmer UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "ValueName",
                "value": "Lao UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lao UI"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "ValueName",
                "value": "Lao UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Lao UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee Bold"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee UI"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "ValueName",
                "value": "Leelawadee UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Leelawadee UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "ValueName",
                "value": "Nirmala UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Nirmala UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "ValueName",
                "value": "MingLiU"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "ValueName",
                "value": "PMingLiU"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\PMingLiU"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "ValueName",
                "value": "MingLiU_HKSCS"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU_HKSCS"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "ValueName",
                "value": "MingLiU-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU-ExtB"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "ValueName",
                "value": "PMingLiU-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\PMingLiU-ExtB"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "ValueName",
                "value": "MingLiU_HKSCS-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MingLiU_HKSCS-ExtB"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei Bold"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "ValueName",
                "value": "Microsoft JhengHei UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft JhengHei UI Light"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "ValueName",
                "value": "SimSun"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\SimSun"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "ValueName",
                "value": "SimSun-ExtB"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\SimSun-ExtB"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "ValueName",
                "value": "NSimSun"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\NSimSun"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei Bold"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "ValueName",
                "value": "Microsoft YaHei UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Microsoft YaHei UI Light"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Light"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Light"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Semilight"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "ValueName",
                "value": "Yu Gothic UI Semibold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Yu Gothic UI Semibold"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "ValueName",
                "value": "Meiryo"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "ValueName",
                "value": "Meiryo Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo Bold"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "ValueName",
                "value": "Meiryo UI"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo UI"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "ValueName",
                "value": "Meiryo UI Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Meiryo UI Bold"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "ValueName",
                "value": "MS Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS Gothic"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "ValueName",
                "value": "MS PGothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS PGothic"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "ValueName",
                "value": "MS UI Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS UI Gothic"
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "ValueName",
                "value": "MS Mincho"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS Mincho"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "ValueName",
                "value": "MS PMincho"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\MS PMincho"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "ValueName",
                "value": "Batang"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Batang"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "ValueName",
                "value": "BatangChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\BatangChe"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "ValueName",
                "value": "Dotum"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Dotum"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "ValueName",
                "value": "DotumChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\DotumChe"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "ValueName",
                "value": "Gulim"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gulim"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "ValueName",
                "value": "GulimChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\GulimChe"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "ValueName",
                "value": "Gungsuh"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Gungsuh"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-06-30 02:26:24,229",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "ValueName",
                "value": "GungsuhChe"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\GungsuhChe"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic Bold"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic Bold"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "ValueName",
                "value": "Malgun Gothic Semilight"
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\Malgun Gothic Semilight"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink\\"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ecde",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e1fe",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d88e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2ee0e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e1ae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              },
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e1ae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "ValueName",
                "value": "Disable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e1ae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              },
              {
                "name": "ValueName",
                "value": "DataFilePath"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e1ae",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000047c"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e73e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000047c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e08e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000047c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e0fe",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000047c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "Buffer",
                "value": "\\x1a\\x83W\\xa5\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00$\\x01\\x00\\x00$)\\x00\\x00\\x00\\x00\\x02\\x00\\xbe\\x02\\x00\\x00<\\x00\\x00\\x00$!\\x00\\x00L)\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e06e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000047c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e06e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734e340000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5ede8820"
              },
              {
                "name": "ViewSize",
                "value": "0x01260000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e11e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d895000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2189e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2184e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c7e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21dce",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21dce",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000490"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c3e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000480"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000ac000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c0e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21c1e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21dce",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21dce",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21f1e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f4f000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21e2e",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000490"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21e2e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21e2e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\TextShaping"
              },
              {
                "name": "DllBase",
                "value": "0x7ff998f00000"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b21f3e",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\TextShaping"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998f00000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff998f4a760"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e52e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8286000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2e52e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8286000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f09e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane2"
              },
              {
                "name": "Data",
                "value": "SimSun-ExtB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5"
              }
            ],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane7"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-06-30 02:26:24,245",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane11"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane13"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane14"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane15"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f06e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "ValueName",
                "value": "Plane16"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f09e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f09e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f07e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000490"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "4"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "13"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f07e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MingLiU"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MingLiU"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f07e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "MingLiU_HKSCS"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MingLiU_HKSCS"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f07e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "PMingLiU"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\PMingLiU"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f07e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "SimSun"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\SimSun"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f09e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000490"
              },
              {
                "name": "SubKey",
                "value": "Segoe UI"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x9b2020b2f09e",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000490"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001002"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-06-30 02:26:24,260",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-06-30 02:26:24,276",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001002"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-06-30 02:26:24,276",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-06-30 02:26:24,276",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-06-30 02:26:24,276",
            "thread_id": "336",
            "caller": "0x7ff70101b4a7",
            "parentcaller": "0x7ff70101a0f8",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 1,
            "id": 3158
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010123d2",
            "parentcaller": "0x7ff70101a10c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\oleacc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff992900000"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010123d2",
            "parentcaller": "0x7ff70101a10c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\oleacc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff992900000"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010123d2",
            "parentcaller": "0x7ff70101a10c",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "OLEAUT32.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9530000"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010123d2",
            "parentcaller": "0x7ff70101a10c",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B5F8350B-0548-48B1-A6EE-88BD00B4A5E7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000003",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER"
              },
              {
                "name": "riid",
                "value": "6E26E776-04F0-495D-80E4-3330352E3169"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99295d000"
              },
              {
                "name": "ModuleName",
                "value": "oleacc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99295d000"
              },
              {
                "name": "ModuleName",
                "value": "oleacc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99295d000"
              },
              {
                "name": "ModuleName",
                "value": "oleacc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99295d000"
              },
              {
                "name": "ModuleName",
                "value": "oleacc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff701012452",
            "parentcaller": "0x7ff70101a10c",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010124c0",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010124c0",
            "parentcaller": "0x7ff70101a10c",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010124c0",
            "parentcaller": "0x7ff70101a10c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1990",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#9"
              },
              {
                "name": "Name",
                "value": "#2"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3172
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x173493ba224",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x173493b1990"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff700febb49",
            "parentcaller": "0x7ff700febbe1",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff700febb6f",
            "parentcaller": "0x7ff700febbe1",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\RotHintTable"
              }
            ],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-06-30 02:26:24,292",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded400"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "StdExit"
              },
              {
                "name": "Atom",
                "value": "0x0000c001"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 8,
            "id": 3179
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Ole"
              },
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "MaximumAllowedAllocationSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaximumAllowedAllocationSize"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-06-30 02:26:24,307",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff701017620",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff701017620",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff701017620",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff701017620",
            "parentcaller": "0x7ff7010170df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff701017620",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x1734f5c0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "tzres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000822"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edec220"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x1734f5c0002",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "tzres.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000822"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edec220"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-06-30 02:26:24,323",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 3213
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff7010170df",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701018771",
            "parentcaller": "0x7ff701018901",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701018771",
            "parentcaller": "0x7ff701018901",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701018771",
            "parentcaller": "0x7ff701018901",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageEncodersSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990183c50"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageEncoders"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990182980"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901c3a20"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c8000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c8000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded8c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded8b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xd8\\xff\\xe0\\x00\\x10JFIF\\x00\\x01\\x01\\x00\\x00\\x01\\x00\\x01\\x00\\x00\\xff\\xdb"
              },
              {
                "name": "Length",
                "value": "22"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xd8\\xff\\xe0\\x00\\x10JFIF\\x00\\x01\\x01\\x00\\x00\\x01\\x00\\x01"
              },
              {
                "name": "Length",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c853000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-06-30 02:26:24,339",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded890"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99cf00000"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff99cf00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "windowscodecs.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99cf00000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99cf168e0"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011640",
            "parentcaller": "0x7ff701011b72",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetPropertySize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901bb610"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "Namespaces"
              },
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Namespaces"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "128"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Namespaces\\"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000482"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011684",
            "parentcaller": "0x7ff701011b72",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetAllPropertyItems"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901bad30"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageRawFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901cabd0"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetPropertyItemSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901c15c0"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImagePixelFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901d6a00"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSaveImageToStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901d1b40"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c854000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c855000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011a3b",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff700fee01a",
            "parentcaller": "0x7ff701011a3b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0024b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff700fee01a",
            "parentcaller": "0x7ff701011a3b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff700fee01a",
            "parentcaller": "0x7ff701011a3b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f82a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDisposeImage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990186c50"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011aa8",
            "parentcaller": "0x7ff701011b72",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011aa8",
            "parentcaller": "0x7ff701011b72",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c44",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c44",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c44",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c44",
            "parentcaller": "0x7ff701011bca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c44",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-06-30 02:26:24,354",
            "thread_id": "336",
            "caller": "0x7ff701011c5d",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 3307
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff701011c5d",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff701011c5d",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff701011c5d",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff701011c9b",
            "parentcaller": "0x7ff701011bca",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000498"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xd8\\xff\\xe0\\x00\\x10JFIF\\x00\\x01\\x01\\x00\\x00\\x01\\x00\\x01\\x00\\x00\\xff\\xdb\\x00C\\x00\\x08\\x06\\x06\\x07\\x06\\x05\\x08\\x07\\x07\\x07\t\t\\x08\n\\x0c\\x14\r\\x0c\\x0b\\x0b\\x0c\\x19\\x12\\x13\\x0f\\x14\\x1d\\x1a\\x1f\\x1e\\x1d\\x1a\\x1c\\x1c $.' \",#\\x1c\\x1c(7),01444\\x1f'9=82<.342\\xff\\xdb\\x00C\\x01\t\t\t\\x0c\\x0b\\x0c\\x18\r\r\\x182!\\x1c!22222222222222222222222222222222222222222222222222\\xff\\xc0\\x00\\x11\\x08\\x03\\x00\\x04\\x00\\x03\\x01\"\\x00\\x02\\x11\\x01\\x03\\x11\\x01\\xff\\xc4\\x00\\x1f\\x00\\x00\\x01\\x05\\x01\\x01\\x01\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\t\n\\x0b\\xff\\xc4\\x00\\xb5\\x10\\x00\\x02\\x01\\x03\\x03\\x02\\x04\\x03\\x05\\x05\\x04\\x04\\x00\\x00\\x01}\\x01\\x02\\x03\\x00\\x04\\x11\\x05\\x12!1A\\x06\\x13Qa\\x07\"q\\x142\\x81\\x91\\xa1\\x08#"
              },
              {
                "name": "Length",
                "value": "84157"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff701011d5e",
            "parentcaller": "0x7ff701011bca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000498"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5eded3b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa9f93b0"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32450"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa53330"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\mspaint.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\mspaint.exe"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3385
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3390
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "1581568"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3427
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3432
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "C:\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a4"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80`\\x89Ms\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004a4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa04d42",
            "parentcaller": "0x7ff9aaa04aaa",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8110000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0004e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a4"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aa9fffed",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa00068",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa0009c",
            "parentcaller": "0x7ff9aa9ffad8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8149000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa05082",
            "parentcaller": "0x7ff9aaa079d2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8148000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa04485",
            "parentcaller": "0x7ff9aaa5b1dd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9aaa37b9c",
            "parentcaller": "0x7ff9aaa2288a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8148000"
              },
              {
                "name": "ModuleName",
                "value": "CFGMGR32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Drive\\shellex\\FolderExtensions"
              },
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9a5a368fe",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cfgmgr32.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9a5a369f4",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "4776",
            "caller": "0x7ff9a5a369f4",
            "parentcaller": "0x7ff9a5a3717c",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CFGMGR32"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8110000"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              },
              {
                "name": "ValueName",
                "value": "DriveMask"
              },
              {
                "name": "Data",
                "value": "32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a6"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-06-30 02:26:24,370",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004aa"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "UseFindFirstFileEnumeration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Policies\\Microsoft\\Windows\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "UseFindFirstFileEnumeration"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x017\\xa7\\xfd\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\x01\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a86cf000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a86cf000"
              },
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8114cdf",
            "parentcaller": "0x7ff9a8123b0d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8114cdf",
            "parentcaller": "0x7ff9a8123b0d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8110000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a8123280"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9aa3e5611",
            "parentcaller": "0x7ff9a811f8f8",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004a4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00#\\x00\\x00\\xc0\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9aa3e5611",
            "parentcaller": "0x7ff9a811ec21",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004a4"
              },
              {
                "name": "IoControlCode",
                "value": "0x00470807"
              },
              {
                "name": "InBuffer",
                "value": "(\\x00\\x00\\x00\\x00\\x00\\x01\\x00\rc\\xf5S\\xbf\\xb6\\xd0\\x11\\x94\\xf2\\x00\\xa0\\xc9\\x1e\\xfb\\x8b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a638acb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845975f",
            "parentcaller": "0x7ff9a845940f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a848ebd4",
            "parentcaller": "0x7ff9a8459872",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a8459854",
            "parentcaller": "0x7ff9a845940f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a4ee",
            "parentcaller": "0x7ff9a845946b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a532",
            "parentcaller": "0x7ff9a845946b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004b4"
              },
              {
                "name": "IoControlCode",
                "value": "0x004d0008",
                "pretty_value": "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": ".\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a540",
            "parentcaller": "0x7ff9a845946b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a845a6fa",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004b4"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xba\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a73b",
            "parentcaller": "0x7ff9a845946b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004b4"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0008",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_POINTS"
              },
              {
                "name": "InBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00.\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\xba\\x00\\x00\\x00\\x01\\x00\\x00\\x00Z\\x00\\x00\\x00`\\x00\\x00\\x00 \\x00\\x00\\x00\\x0c\\x00\\x00\\x00,\\x00\\x00\\x00.\\x00\\x00\\x00z\\xae\\xe1\\xe1\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\\\x00D\\x00e\\x00v\\x00i\\x00c\\x00e\\x00\\\\x00H\\x00a\\x00r\\x00d\\x00d\\x00i\\x00s\\x00k\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x001\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a845a74f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a638ad1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ac"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-100000000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\propsys.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a2720000"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a63ca6d1",
            "parentcaller": "0x7ff9a63b12d5",
            "category": "filesystem",
            "api": "GetVolumeNameForVolumeMountPointW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "VolumeMountPoint",
                "value": "\\\\?\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000003300000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\"
              },
              {
                "name": "VolumeName",
                "value": "\\\\?\\Volume{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a638ad1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ac"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Data"
              },
              {
                "name": "Data",
                "value": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a6ad",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63acca6",
            "parentcaller": "0x7ff9a63a8fe3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a638acb2",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004b0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a638acfc",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a845975f",
            "parentcaller": "0x7ff9a845940f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#00000008E0100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a848ebd4",
            "parentcaller": "0x7ff9a8459872",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "3932",
            "caller": "0x7ff9a8459854",
            "parentcaller": "0x7ff9a845940f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a901f",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a9047",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xef\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a9d4bdab",
            "parentcaller": "0x7ff9a9d4bc22",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a63a908b",
            "parentcaller": "0x7ff9a638a72d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x001\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x02\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8474dfe",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8474f8d",
            "parentcaller": "0x7ff9a638af0d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a030",
            "parentcaller": "0x7ff9a8459d56",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a8474f8d",
            "parentcaller": "0x7ff9a638af6d",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x000004ac"
              },
              {
                "name": "IoControlCode",
                "value": "0x006d0034",
                "pretty_value": "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS"
              },
              {
                "name": "InBuffer",
                "value": "`\\x00\\\\x00?\\x00?\\x00\\\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00{\\x00e\\x001\\x00e\\x001\\x00a\\x00e\\x007\\x00a\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x000\\x000\\x000\\x000\\x00-\\x003\\x000\\x000\\x003\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": "\\x08\\x00\\x00\\x00C\\x00:\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a8474e0e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a6361f1d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a6362e6f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "08\\x89Ms\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "4776",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a6361f41",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-06-30 02:26:24,385",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f01ff"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf8HIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xf9HIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00m\\x00u\\x00"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\x9d\\x8aMs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\x01NIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xbe\\xfe\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00p\\xa3\\xde^\\x1e\\x00\\x00\\x00h\\xa3\\xde^\\x1e\\x00\\x00\\x008\\xa3\\xde^\\x1e\\x00\\x00\\x00X\\xa3\\xde^"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x01NIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00X\\xa1\\xde^\\x1e\\x00\\x00\\x00\\xac\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xda#\\x1d\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x96I\n\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xf9HIs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xfaHIs\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@?NI"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x9e\\x8aMs\\x01\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa8\\xf9MIs\\x01\\x00\\x00\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\x1e\\xf3\\xb2  \\x9b\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xd0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\xc8\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x98\\x9f\\xde^\\x1e\\x00\\x00\\x00\\xb8\\x9f\\xde^"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xf9MIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xb8\\x9d\\xde^\\x1e\\x00\\x00\\x00\\xac\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xe6\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro"
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edea630"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x80\\x02\\x00\\x00\\x00\\x00\\x00\\x10p\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xec\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\C:*Users*Rajesh*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000049c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f830000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edeb590"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\windows_shell_global_counters"
              }
            ],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f860000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edeb5a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 3608
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0xfffffffc"
              }
            ],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f5d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xae\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x003\\x00\r\\x00\n\\x00"
              },
              {
                "name": "Length",
                "value": "174"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "-j\\xb5\\xc9\\xde\\xac\\xd5\\x01\\xc6\\xb43\\xf0|\\x07\\xdd\\x01\\xb8\\x818{\\xde\\xac\\xd5\\x01G%\\xa9s}\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "DontShowSuperHidden"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShellState"
              },
              {
                "name": "Data",
                "value": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoWebView"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ClassicShell"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "Advanced"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Hidden"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShowCompColor"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "HideFileExt"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "DontPrettyPath"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShowInfoTip"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "HideIcons"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "MapNetDrvBtn"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "WebView"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "Filter"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShowSuperHidden"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "SeparateProcess"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa9f93b0"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32450"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa53330"
              }
            ],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "NoNetCrawling"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "AutoCheckSelect"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "IconsOnly"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShowTypeOverlay"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ShowStatusBar"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar"
              }
            ],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Directory"
              },
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Directory"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-06-30 02:26:24,401",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "Folder"
              },
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\Folder"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "AllFilesystemObjects"
              },
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\AllFilesystemObjects"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b6"
              },
              {
                "name": "SubKey",
                "value": "ShellEx\\IconHandler"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "DocObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b6"
              },
              {
                "name": "SubKey",
                "value": "DocObject"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "BrowseInPlace"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b6"
              },
              {
                "name": "SubKey",
                "value": "BrowseInPlace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049e"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b2"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b6"
              },
              {
                "name": "SubKey",
                "value": "Clsid"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "IsShortcut"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "AlwaysShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              },
              {
                "name": "ValueName",
                "value": "NeverShowExt"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049e"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b2"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b6"
              }
            ],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8.\\xdf\\xeev\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfbd\\x01\\x00\\x00\\x00\\x02\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8c\\xf5\\xe3\\xeev\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\xd4\\xf0!\\xefv\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06e\\x01\\x00\\x00\\x00\\x01\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe5U\\xe6\\xeev\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01l\\x90\\xc1\\xb2H\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19e\\x01\\x00\\x00\\x00\\x01\\x00L\\x00o\\x00c\\x00a\\x00l\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-06-30 02:26:24,417",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe5U\\xe6\\xeev\\x07\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1ae\\x01\\x00\\x00\\x00\\x01\\x00T\\x00e\\x00m\\x00p\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\xac\\x01\\x00\\x00\\x00\\x01\\x000\\x000\\x000\\x001\\x00.\\x00j\\x00p\\x00g\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "ValueName",
                "value": "AllowFileCLSIDJunctions"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b4"
              },
              {
                "name": "SubKey",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21769"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-183"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\x9c\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Desktop"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x006\\x009\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01\\x1c\\xc3I\\xf2|\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3808
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 3811
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xb8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-06-30 02:26:24,432",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "AppData"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000049c"
              },
              {
                "name": "SubKey",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xbc\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Profile"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xb4\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8050000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a806c000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8062000"
              },
              {
                "name": "ModuleName",
                "value": "profapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\profapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-06-30 02:26:24,448",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8050000"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\profapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8050000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a8058d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x000\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "402"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\xd1\\xfe\\xf7v\\x07\\xdd\\x01\\xf2\\xf3\\xcf\\xf8|\\x07\\xdd\\x016\\x8f\\x16\\xf8v\\x07\\xdd\\x016\\x8f\\x16\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c0"
              },
              {
                "name": "SubKey",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21790"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-108"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xc4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb3\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x000\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Music\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf2T\\xfc\\xf7v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01.\\xa3\n\\xf8v\\x07\\xdd\\x01.\\xa3\n\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c8"
              },
              {
                "name": "SubKey",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-06-30 02:26:24,464",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xc4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xaa\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x007\\x009\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01\\xf2\\xf3\\xcf\\xf8|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004cc"
              },
              {
                "name": "SubKey",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xc4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xab\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x001\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "~B\\xe9\\xf7v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-06-30 02:26:24,479",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d0"
              },
              {
                "name": "SubKey",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21798"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x9f\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xc4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xba\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x008\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": ".\\xa3\n\\xf8v\\x07\\xdd\\x01A\\xdf\\xa2\\xf1|\\x07\\xdd\\x01\\xc3\\x05\r\\xf8v\\x07\\xdd\\x01\\xc3\\x05\r\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xa3\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xb8\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004bc"
              },
              {
                "name": "SubKey",
                "value": "{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "18446744073449767213"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "5243433"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4282
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4287
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4292
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegateSuppressionPolicy"
              },
              {
                "name": "Data",
                "value": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "PreventItemCreationInUsersFilesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 4303
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "StorageDelegate"
              },
              {
                "name": "Data",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Data",
                "value": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\Windows.Storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.Storage.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6230000"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0E5AAE11-A475-4C5B-AB00-C66DE400274E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ADD8BA80-002B-11D0-8F0F-00C04FD7D062"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-06-30 02:26:24,495",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ba"
              },
              {
                "name": "SubKey",
                "value": "InitPropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa332000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "17"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "DescriptionID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "HelpTopic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "AllowChildAliasRegistration"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration"
              }
            ],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "RecursiveSearch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              },
              {
                "name": "ValueName",
                "value": "TargetKnownFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b0"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": ""
              },
              {
                "name": "Handle",
                "value": "0x000004b0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d6"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ba"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "{190337d1-b8ca-4121-a639-6d472d16972a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "Name",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}"
              }
            ],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "Name",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "Name",
                "value": "{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "Name",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "Name",
                "value": "{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "Name",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "Name",
                "value": "{6D809377-6AF0-444b-8957-A3773F02200E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "Name",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "Name",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "Name",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "Name",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "Name",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "Name",
                "value": "{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "Name",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "Name",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "Name",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "Name",
                "value": "{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "Name",
                "value": "{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "Name",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "Name",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "Name",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "Name",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "Name",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "Name",
                "value": "{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "Name",
                "value": "{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "Name",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "Name",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "Name",
                "value": "{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "Name",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "Name",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "Name",
                "value": "{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "Name",
                "value": "{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "Name",
                "value": "{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "Name",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "Name",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "Name",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "Name",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "Name",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "Name",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "Name",
                "value": "{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "Name",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "Name",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "Name",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "Name",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "Name",
                "value": "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-06-30 02:26:24,510",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "Name",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "Name",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "Name",
                "value": "{b7bede81-df94-4682-a7d8-57a52620b86f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "Name",
                "value": "{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "Name",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "Name",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "Name",
                "value": "{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "Name",
                "value": "{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "Name",
                "value": "{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "Name",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "Name",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "Name",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "Name",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "Name",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "Name",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "Name",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "Name",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "Name",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "Name",
                "value": "{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "Name",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "Name",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "Name",
                "value": "{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "Name",
                "value": "{df7266ac-9274-4867-8d55-3bd661de872d}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "Name",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "Name",
                "value": "{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "Name",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "Name",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "Name",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "Name",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "Name",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "Name",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "Name",
                "value": "{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "Name",
                "value": "{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "Name",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "Name",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "Name",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Searches"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-9031"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-18"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4DF0C730-DF9D-4AE3-9153-AA6B82E9795A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "8BE2D872-86AA-4D47-B776-32CCA40C7018"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xd4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xa7\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004b8"
              },
              {
                "name": "SubKey",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Windows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesCommon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-06-30 02:26:24,526",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d4"
              },
              {
                "name": "SubKey",
                "value": "{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MusicLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1004"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicLibraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Libraries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21799"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataDocuments"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4679
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-06-30 02:26:24,542",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}"
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CD Burning"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Burn\\Burn"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21815"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004dc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004dc"
              },
              {
                "name": "SubKey",
                "value": "{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SavedPicturesLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "SavedPictures.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004dc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "{98EC0E18-2098-4D44-8644-66979315A281}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MAPIFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004d8"
              },
              {
                "name": "SubKey",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Video"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-189"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcc\\xb7\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Internet Explorer\\Quick Launch"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-06-30 02:26:24,557",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesCommonX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "3D Objects"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-198"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{b3690e58-e961-423b-b687-386ebfd83239}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xe8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb1\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ec"
              },
              {
                "name": "SubKey",
                "value": "{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ConnectionsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PrintersFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ec"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004ec"
              },
              {
                "name": "SubKey",
                "value": "{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "VideosLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34620"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1005"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004ec"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e0"
              },
              {
                "name": "SubKey",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-113"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdc\\xb1\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-06-30 02:26:24,573",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ResourceDir"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}"
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicGameTasks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\GameExplorer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SyncSetupFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-06-30 02:26:24,589",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e8"
              },
              {
                "name": "SubKey",
                "value": "{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonVideo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12690"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21804"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{C4900540-2379-4C75-844B-64E6FAF8716B}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SyncResultsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ConflictFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "RecycleBinFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{645FF040-5081-101B-9F08-00AA002F954E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CSCFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-06-30 02:26:24,604",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21782"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NetHood"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Network Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f0"
              },
              {
                "name": "SubKey",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Contacts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Contacts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%CommonProgramFiles%\\system\\wab32res.dll,-10200"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%CommonProgramFiles%\\system\\wab32res.dll,-10100"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-181"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{de2b70ec-9bf7-4a93-bd3d-243f7881d492}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xc4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "{56784854-C6CB-462B-8169-88E350ACB882}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xab\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UserProgramFilesCommon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Common"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              },
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Roaming Tiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\RoamingTiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-06-30 02:26:24,620",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004fc"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdc\\xac\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004fc"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004fc"
              },
              {
                "name": "SubKey",
                "value": "{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004fc"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UsersLibrariesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5562
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Cookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\INetCookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "LocalizedResourcesDir"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonRingtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Ringtones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "{054FAE61-4DD8-4787-80B6-090220C4B700}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "GameTasks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\GameExplorer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21796"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-115"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xe4\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "Favorites"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\xcd\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000500"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004c4"
              },
              {
                "name": "SubKey",
                "value": "{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "HomeGroupFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1013"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-06-30 02:26:24,635",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004c4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "{8983036C-27C0-404B-8F08-102D10DCFD74}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SendTo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\SendTo"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5807
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}"
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PublicAccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ImplicitAppShortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "ImplicitAppShortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-06-30 02:26:24,651",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21762"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000500"
              },
              {
                "name": "SubKey",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "My Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{1CF1260C-4DD0-4EBB-811F-33C572699FDE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21790"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-108"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00,\\xc1\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004e4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AddNewProgramsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              },
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Captures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Captures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21826"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000504"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000504"
              },
              {
                "name": "SubKey",
                "value": "{0762D272-C50A-4BB0-A382-697DCD729B80}"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UserProfiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21813"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;WD)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              },
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "InternetFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{871C5380-42A0-1069-A2EA-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000504"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000504"
              },
              {
                "name": "SubKey",
                "value": "{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000504"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CameraRollLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "CameraRoll.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34582"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000504"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f4"
              },
              {
                "name": "SubKey",
                "value": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f4"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "System"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004f4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21782"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-06-30 02:26:24,667",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6113
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{6D809377-6AF0-444B-8957-A3773F02200E}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesX64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataDesktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Camera Roll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Camera Roll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21824"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6185
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "Data",
                "value": "{B26388EA-AD62-430f-AF5C-CFA63BFE94A6}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "MyComputerFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Administrative Tools"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21762"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6241
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004e4"
              },
              {
                "name": "SubKey",
                "value": "{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}"
              }
            ],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "DocumentsLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34575"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1002"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004e4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-06-30 02:26:24,682",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Application Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Application Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-50704"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6290
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6296
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{AE50C081-EBD2-438A-8655-8A092E34987A}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@shell32,dll,-12692"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21797"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-117"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Screenshots"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Screenshots"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6339
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21823"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{3B193882-D3AD-4EAB-965A-69829D1FB59F}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4EAB-965A-69829D1FB59F}"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6358
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SavedPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6360
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Saved Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6376
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6381
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6388
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6395
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ThisPCDesktopFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Desktop"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21769"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-183"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-06-30 02:26:24,698",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xf8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "ValueName",
                "value": "{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xc0\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000050c"
              },
              {
                "name": "SubKey",
                "value": "{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}"
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000050c"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6486
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21802"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6496
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6500
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000050c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{4234d49b-0245-4df3-b780-3893943456e1}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6531
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6535
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PrintHood"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Printer Shortcuts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6543
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6549
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6553
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}"
              }
            ],
            "repeated": 0,
            "id": 6562
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Development Files"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "DevelopmentFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6579
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6585
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PhotoAlbums"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Slide Shows"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21819"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6606
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 6615
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21798"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "S:AI(RA;IOOICI;;;;WD;(\"IMAGELOAD\",TU,0x0,0x01))"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-06-30 02:26:24,714",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6627
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{885A186E-A440-4ADA-812B-DB871B942259}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000514"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8c\\xc5\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000004f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6669
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppMods"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppMods"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21829"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "Data",
                "value": "{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6697
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00\\xf8\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc9\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 6711
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 6718
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xec\\xc9\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6732
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6737
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppUpdatesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6769
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonDownloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Downloads"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21808"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6781
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{374DE290-123F-4565-9164-39C4925E467B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\xbd\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000051c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-06-30 02:26:24,729",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6823
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{A440879F-87A0-4F7D-B700-0207B966194A}"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Start Menu Places"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6830
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu Places"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000518"
              },
              {
                "name": "SubKey",
                "value": "{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "PicturesLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Pictures.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12688"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-34595"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1003"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6865
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000518"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              }
            ],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Public"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21816"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICIIO;0x1301ff;;;IU)(A;;0x1200af;;;IU)(A;OICIIO;0x1301ff;;;SU)(A;;0x1200af;;;SU)(A;OICIIO;0x1301ff;;;S-1-5-3)(A;;0x1200af;;;S-1-5-3)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6893
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6900
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6907
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "RecordedTVLibrary"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "RecordedTV.library-ms"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-34615"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-1008"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\shell32.dll,-8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "Data",
                "value": "LIBRARY"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataProgramData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "ProgramData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004f8"
              },
              {
                "name": "SubKey",
                "value": "{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}"
              }
            ],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f8"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "HomeGroupCurrentUserFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\$CurrentUser$"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x000004f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-06-30 02:26:24,745",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "LocalAppDataLow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name"
              }
            ],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description"
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "AppData\\LocalLow"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "Data",
                "value": "S:(ML;OICI;NW;;;LW)"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "8192"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7005
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Roamed Tile Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\RoamedTileImages"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7019
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesCommonX64"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7047
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7053
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}"
              }
            ],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CryptoKeys"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7068
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7075
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Original Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows Photo Gallery\\Original Images"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7110
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "User Pinned"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "User Pinned"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-06-30 02:26:24,760",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ChangeRemoveProgramsFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7145
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7146
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7149
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7152
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7159
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000508"
              },
              {
                "name": "SubKey",
                "value": "{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000508"
              }
            ],
            "repeated": 0,
            "id": 7166
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7173
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21801"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7176
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7180
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7187
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000508"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7188
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000051c"
              },
              {
                "name": "SubKey",
                "value": "{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}"
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SystemX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7194
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7197
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7201
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7207
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7208
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x0000051c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7215
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}"
              }
            ],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7220
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7222
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\AccountPictures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7225
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38305"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7229
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7236
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7237
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000520"
              },
              {
                "name": "SubKey",
                "value": "{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}"
              }
            ],
            "repeated": 0,
            "id": 7243
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CommonMusic"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7248
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Music"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7250
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-12689"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7251
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21803"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7257
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7258
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7261
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7264
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000520"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              },
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}"
              }
            ],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7271
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SearchHistoryFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7274
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\ConnectedSearch\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7278
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7285
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000524"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7292
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000524"
              },
              {
                "name": "SubKey",
                "value": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
              }
            ],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7299
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-06-30 02:26:24,776",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21781"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7306
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7313
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000524"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7320
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000510"
              },
              {
                "name": "SubKey",
                "value": "{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}"
              }
            ],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000510"
              }
            ],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Fonts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7327
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7333
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7334
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7341
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000510"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7345
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}"
              }
            ],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7349
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Startup"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "StartUp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21787"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7356
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7363
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7370
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}"
              }
            ],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "AppDataFavorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7377
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Favorites"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7384
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7390
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7391
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7395
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7398
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Recorded Calls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Recorded Calls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7405
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21827"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7412
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7416
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7419
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7426
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7430
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00(\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7433
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000528"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7436
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf0\\xc8\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 7440
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7447
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000530"
              },
              {
                "name": "SubKey",
                "value": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7450
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7451
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7452
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7454
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21786"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7459
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7460
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7461
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7462
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7463
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7467
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7468
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7471
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              },
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}"
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7475
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "NetworkPlacesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7480
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7482
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-06-30 02:26:24,792",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7489
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7496
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000530"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000530"
              },
              {
                "name": "SubKey",
                "value": "{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000530"
              }
            ],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Playlists"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7503
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Playlists"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21818"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7510
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7517
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000530"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7524
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}"
              }
            ],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "DpapiKeys"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7531
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7538
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7545
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000528"
              },
              {
                "name": "SubKey",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              }
            ],
            "repeated": 0,
            "id": 7552
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Personal"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7559
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-112"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7566
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7573
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000528"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Hide"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7580
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xbc\\xbd\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7587
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7588
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7594
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7599
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7600
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7601
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}"
              }
            ],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "OEM Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7606
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "OEM Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7608
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7610
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7615
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7620
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7622
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{190337D1-B8CA-4121-A639-6D472D16972A}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7629
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SearchHomeFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7634
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{9343812e-1c37-4a49-a12e-4b2d810d956b}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7636
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7638
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7643
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7650
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "ThisPCPolicy"
              },
              {
                "name": "Data",
                "value": "Show"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy"
              }
            ],
            "repeated": 0,
            "id": 7654
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049c"
              },
              {
                "name": "ValueName",
                "value": "BaseFolderId"
              },
              {
                "name": "Data",
                "value": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId"
              }
            ],
            "repeated": 0,
            "id": 7656
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7657
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7659
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb6\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00<\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcc\\xc1\\x85Ms\\x01\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 7662
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DisablePersonalDirChange"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange"
              }
            ],
            "repeated": 0,
            "id": 7664
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000c"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7666
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 7668
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server"
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RDVirtualizationPool"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool"
              }
            ],
            "repeated": 0,
            "id": 7671
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xb7\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xc8\\xd5\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 7673
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy"
              }
            ],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7678
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-06-30 02:26:24,807",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}"
              }
            ],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7685
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ThisDeviceFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{f8278c54-a712-415b-b593-b77a2be0dda9}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7692
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7697
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7699
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7702
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7705
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7706
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7710
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SystemCertificates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7713
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7720
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7722
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7723
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7724
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7726
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7729
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7731
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d8c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              }
            ],
            "repeated": 0,
            "id": 7736
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7737
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Links"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7742
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7743
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21810"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-185"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7750
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7751
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7753
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7755
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7757
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7760
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7764
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00,\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 7771
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xc0\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 7778
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}"
              }
            ],
            "repeated": 0,
            "id": 7785
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7787
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "UserProgramFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7789
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Programs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7791
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7792
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7796
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7799
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7800
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7806
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}"
              }
            ],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7813
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Common Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7817
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7819
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7820
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7821
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7826
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7827
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7833
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7834
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7835
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Cache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7841
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7845
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7847
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7848
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7849
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7852
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7854
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7855
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7856
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7858
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7860
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7862
          },
          {
            "timestamp": "2026-06-30 02:26:24,823",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{A63293E8-664E-48DB-A079-DF759E0509F7}"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7865
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7867
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7869
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7871
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7876
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7878
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7880
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7883
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7885
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7890
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "Device Metadata Store"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\DeviceMetadataStore"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7895
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7897
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7904
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7905
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7906
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7907
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7909
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7911
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7914
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}"
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ControlPanelFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7918
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7922
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7924
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7925
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7926
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7928
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7930
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7932
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7935
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7936
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7938
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7939
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7940
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000538"
              },
              {
                "name": "SubKey",
                "value": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
              }
            ],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000538"
              }
            ],
            "repeated": 0,
            "id": 7942
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "ProgramFilesX86"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7944
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7946
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7949
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21817"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7951
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7953
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7955
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7957
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7960
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000538"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{43668BF8-C14E-49B2-97C9-747784D784B7}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}"
              }
            ],
            "repeated": 0,
            "id": 7967
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SyncCenterFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7970
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7972
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 7974
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 7976
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security"
              }
            ],
            "repeated": 0,
            "id": 7978
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 7979
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 7981
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 7983
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 7985
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 7987
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 7988
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 7989
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 7990
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7991
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}"
              }
            ],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category"
              }
            ],
            "repeated": 0,
            "id": 7995
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "CredentialManager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name"
              }
            ],
            "repeated": 0,
            "id": 7996
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description"
              }
            ],
            "repeated": 0,
            "id": 7998
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 8000
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 8002
          },
          {
            "timestamp": "2026-06-30 02:26:24,839",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security"
              }
            ],
            "repeated": 0,
            "id": 8004
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 8009
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 8010
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 8012
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 8014
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 8016
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f870000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8018
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f870000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 8020
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}"
              }
            ],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Category"
              }
            ],
            "repeated": 0,
            "id": 8023
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SearchTemplatesFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Name"
              }
            ],
            "repeated": 0,
            "id": 8024
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Data",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Description"
              }
            ],
            "repeated": 0,
            "id": 8026
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Microsoft\\Windows\\ConnectedSearch\\Templates"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 8028
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 8030
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Security"
              }
            ],
            "repeated": 0,
            "id": 8032
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 8033
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 8035
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 8037
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 8039
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 8041
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 8043
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 8044
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8045
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 8047
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Data",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Category"
              }
            ],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Data",
                "value": "SavedGames"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Name"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 8051
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Description"
              }
            ],
            "repeated": 0,
            "id": 8052
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Data",
                "value": "Saved Games"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "Data",
                "value": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "Data",
                "value": "@%SystemRoot%\\system32\\shell32.dll,-21814"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\imageres.dll,-186"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 8057
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Security"
              }
            ],
            "repeated": 0,
            "id": 8058
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 8059
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 8061
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 8063
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 8065
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "PropertyBag"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 8070
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist"
              }
            ],
            "repeated": 0,
            "id": 8072
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration"
              }
            ],
            "repeated": 0,
            "id": 8074
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8076
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "0\\x95\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8078
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8079
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x91\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00,\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8083
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8084
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"
              }
            ],
            "repeated": 0,
            "id": 8085
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8086
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xc2\\x85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8087
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 8089
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "ProfileImagePath"
              },
              {
                "name": "Data",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 8091
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8093
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x10\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x009\\x000\\x003\\x001\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00e\\x00"
              },
              {
                "name": "Length",
                "value": "524"
              }
            ],
            "repeated": 0,
            "id": 8100
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd2@\\x08\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xa3z\"\\xf8v\\x07\\xdd\\x01\\xa3z\"\\xf8v\\x07\\xdd\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 8105
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8107
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8110
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa0\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x9c\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00F\\x00i\\x00l\\x00e\\x00s\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x00\\\\x00w\\x00a\\x00b\\x003\\x002\\x00r\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x001\\x000\\x001\\x000\\x000\\x00\r\\x00\n\\x00I\\x00n\\x00f\\x00o\\x00T\\x00i\\x00p\\x00=\\x00@\\x00%\\x00C\\x00o\\x00m\\x00m\\x00o\\x00n\\x00P\\x00r\\x00o\\x00g\\x00r\\x00a\\x00m\\x00F\\x00i\\x00l\\x00e\\x00s\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00"
              },
              {
                "name": "Length",
                "value": "412"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "E\\x90\\xf7\\xf7v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01E\\x90\\xf7\\xf7v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8114
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8115
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8117
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8119
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8121
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8124
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x98\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x92\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-06-30 02:26:24,854",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x007\\x009\\x006\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "402"
              }
            ],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\x88\\xf2\\xf9\\xf7v\\x07\\xdd\\x01\\xfc\\xce\\x00\\xfbv\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8128
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 8133
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 8135
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x000\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "504"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Links\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xebS\\x1b\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xff\\xa1)\\xf8v\\x07\\xdd\\x01\\xff\\xa1)\\xf8v\\x07\\xdd\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8142
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 8144
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8146
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              }
            ],
            "repeated": 0,
            "id": 8148
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8149
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "Buffer",
                "value": "\\xff\\xfe\r\\x00\n\\x00[\\x00.\\x00S\\x00h\\x00e\\x00l\\x00l\\x00C\\x00l\\x00a\\x00s\\x00s\\x00I\\x00n\\x00f\\x00o\\x00]\\x00\r\\x00\n\\x00L\\x00o\\x00c\\x00a\\x00l\\x00i\\x00z\\x00e\\x00d\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00N\\x00a\\x00m\\x00e\\x00=\\x00@\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00s\\x00h\\x00e\\x00l\\x00l\\x003\\x002\\x00.\\x00d\\x00l\\x00l\\x00,\\x00-\\x002\\x001\\x008\\x001\\x004\\x00\r\\x00\n\\x00I\\x00c\\x00o\\x00n\\x00R\\x00e\\x00s\\x00o\\x00u\\x00r\\x00c\\x00e\\x00=\\x00%\\x00S\\x00y\\x00s\\x00t\\x00e\\x00m\\x00R\\x00o\\x00o\\x00t\\x00%\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00i\\x00m\\x00a\\x00g\\x00e\\x00r\\x00"
              },
              {
                "name": "Length",
                "value": "282"
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000053c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01LS\\x12\\xf0|\\x07\\xdd\\x01\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01\\xe9\\xb5\\x1d\\xf8v\\x07\\xdd\\x01&\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8153
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8156
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "ReadProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Size",
                "value": "0x00000001"
              },
              {
                "name": "Buffer",
                "value": "\\x01"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "WriteProcessMemory",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1e5ee19281"
              },
              {
                "name": "Buffer",
                "value": "\\x00"
              },
              {
                "name": "BufferLength",
                "value": "0x00000001"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "DelegateFolders"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders"
              }
            ],
            "repeated": 3,
            "id": 8162
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\"
              }
            ],
            "repeated": 0,
            "id": 8163
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8164
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\"
              }
            ],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 8170
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "UsersFiles\\NameSpace"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 8172
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "UsersFiles\\NameSpace\\DelegateFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace\\DelegateFolders"
              }
            ],
            "repeated": 0,
            "id": 8173
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8174
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 8175
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 8177
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Data",
                "value": "1080"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053e"
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 8182
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 8184
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "ValueName",
                "value": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 8187
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
              }
            ],
            "repeated": 0,
            "id": 8189
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "{e1e1ae7a-0000-0000-0000-300300000000}\\"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8191
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Generation"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8193
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x006\\xean:\\xdd\\xac\\xd5\\x017\\xa7\\xfd\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01oE\\xfb\\xe3w\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfa\\x01\\x00\\x00\\x00\\x00\\x01\\x00U\\x00s\\x00e\\x00r\\x00s\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8198
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100081",
                "pretty_value": "FILE_READ_ACCESS|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffffc000000d",
            "pretty_return": "INVALID_PARAMETER",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users"
              },
              {
                "name": "FileInformationClass",
                "value": "55",
                "pretty_value": "FileReplaceCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryDirectoryFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8.\\xdf\\xeev\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\xf8m>Pz\\x07\\xdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfbd\\x01\\x00\\x00\\x00\\x02\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FileInformationClass",
                "value": "37",
                "pretty_value": "FileIdBothDirectoryInformation"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 8203
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9160000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a399",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9160000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8205
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a3c8",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a3c8",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a3c8",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 8208
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8212
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8213
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\x8a\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00<\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000053c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000053c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Start Menu"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu"
              }
            ],
            "repeated": 0,
            "id": 8219
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-06-30 02:26:24,870",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8226
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "ValueName",
                "value": "Common Start Menu"
              },
              {
                "name": "Data",
                "value": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8233
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8234
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\x8a\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x00,\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8238
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000052c"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8240
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Recent"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent"
              }
            ],
            "repeated": 0,
            "id": 8242
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8247
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8249
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8250
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8254
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8255
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000004a8"
              },
              {
                "name": "SubKey",
                "value": "SessionInfo\\2"
              },
              {
                "name": "Handle",
                "value": "0x00000534"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "KnownFolders"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8258
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\x8a\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\x00\\x00\\x80\\x80\\x00\\x00@\\x004\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000534"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 8261
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000534"
              }
            ],
            "repeated": 0,
            "id": 8262
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "Personal"
              },
              {
                "name": "Data",
                "value": "%USERPROFILE%\\Documents"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal"
              }
            ],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8264
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8267
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\x8e\\xde^\\x1e\\x00\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8268
          },
          {
            "timestamp": "2026-06-30 02:26:24,885",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000323-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000146-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699a000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8272
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa9f93b0"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 8275
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32450"
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa53330"
              }
            ],
            "repeated": 0,
            "id": 8279
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8282
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8283
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8286
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 8287
          },
          {
            "timestamp": "2026-06-30 02:26:24,901",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8288
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:120:WilError_03"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8290
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8291
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8294
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8295
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 8297
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8300
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xe1^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "336"
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000544"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a9d45960"
              },
              {
                "name": "Parameter",
                "value": "0x1734c8ee080"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "280"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              },
              {
                "name": "Module",
                "value": "shcore.dll"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x00000544",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff9a9d45960"
              },
              {
                "name": "Parameter",
                "value": "0x1734c8ee080"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "280"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000544"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "280"
              },
              {
                "name": "ProcessId",
                "value": "4504"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 8306
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8308
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a9d45960"
              },
              {
                "name": "Parameter",
                "value": "0x1734c8ee080"
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d79042",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xe3^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "280"
              }
            ],
            "repeated": 0,
            "id": 8310
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8312
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000053c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8314
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000354"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Windows.Internal.StateRepository.FileTypeAssociation"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation"
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "KeyInformation",
                "value": "y\\x1f\\x10\\xffd4\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00h\\x00\\x00\\x00W\\x00i\\x00n\\x00d\\x00o\\x00w\\x00s\\x00.\\x00I\\x00n\\x00t\\x00e\\x00r\\x00n\\x00a\\x00l\\x00.\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00.\\x00F\\x00i\\x00l\\x00e\\x00T\\x00y\\x00p\\x00e\\x00A\\x00s\\x00s\\x00o\\x00c\\x00i\\x00a\\x00t\\x00i\\x00o\\x00n\\x00k\\xffb8\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x17\\x00+\\x00\\x00\\x00\\x00\\x00\\xfff6\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffe0m\\xff82Ms\\x01\\x00\\x00y\\xffee__\\x1e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc7\\xffb3\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffa0\\x14&Is\\x01\\x00\\x00h\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00\\xffc4\\x02&Is\\x01\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00XU\\xff9b\\xffa9\\xfff9\\x7f\\x00\\x00\\xffc8L\\xff86Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xffef__\\x1e\\x00\\x00\\x00\\xff98kp\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffd07\\xff86Ms\\x01\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa1\\xffaa\\xfff9\\x7f\\x00\\x00\\xffa0L\\xff86Ms\\x01\\x00\\x00\\xffd07\\xff86Ms\\x01\\x00\\x00\\xff90\\x07\\xff87Os\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffc0\\xff86\\xff84M\\x02\\x00\\x00\\x00\\xffa6Ap\\xffa9\\xfff9\\x7f\\x00\\x00\\xffd0\\xff9f\\xff84Ms\\x01\\x00\\x00\\xff90\\x07\\xff87Os\\x01\\x00\\x00\\xff90\\x02\\xff8bMs\\x01\\x00\\x00\\xff90\\x02\\xff8bMs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd07\\xff86Ms\\x01\\x00\\x00\\xff90\\x02\\xff8bMs\\x01\\x00\\x00\\xffd76p\\xffa9\\xfff9\\x7f\\x00\\x00\\xffa0\\xffbd\\xff85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffa0\\xffbd\\xff85Ms\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00@\\xfff0__\\x1e\\x00\\x00\\x00\\xffa1Ep\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivationType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType"
              }
            ],
            "repeated": 0,
            "id": 8319
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Server"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server"
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "DllPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath"
              }
            ],
            "repeated": 0,
            "id": 8321
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Threading"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading"
              }
            ],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "TrustLevel"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000548"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "RemoteServer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateAsUser"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser"
              }
            ],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInSharedBroker"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker"
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateInBrokerForMediumILContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a972ddb2",
            "parentcaller": "0x7ff9a972d0f2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000350"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Server"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97708cd",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "StateRepository"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9770927",
            "parentcaller": "0x7ff9a972dd38",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000550"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffcek|\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00S\\x00t\\x00a\\x00t\\x00e\\x00R\\x00e\\x00p\\x00o\\x00s\\x00i\\x00t\\x00o\\x00r\\x00y\\x00\\x00\\x00\\x14\\xffdf\\x18Ks\\x01\\x00\\x000\\x19\\xffe3\\xff87\\xfff9\\x7f\\x00\\x00\\xffb2\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\xffe9N\\xffb3\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff89\\xffea__\\x1e\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00\\xffa0\\x14&Is\\x01\\x00\\x00\\x1e\\xff833! \\xff9b\\x00\\x00\\x00\\x00&Is\\x01\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff87\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\xfff8\\xffea__\\x1e\\x00\\x00\\x00\\xff8e\\xff803! \\xff9b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\xffbe\\xff85Ms\\x01\\x00\\x00X\\xffbeBIs\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x19\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xffd2\\xff85Ms\\x01\\x00\\x00@\\xffeb__\\x1e\\x00\\x00\\x00\\xffa4L\\xffb5\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xffb9\\x00\\xffe5j\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffcd$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\xffe8#\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00\\x00\\xffd2\\xff85Ms\\x01\\x00\\x00\\xffc8\\xffd5\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00\\x19\\x01\\x02\\x00s\\x01\\x00\\x00\\xff98$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xff80$\\xffd8\\xff87\\xfff9\\x7f\\x00\\x000\\xffeb__\\x1e\\x00\\x00\\x00h\\xffd9\\xffd7\\xff87\\xfff9\\x7f\\x00\\x00@\\xffeb__\\x1e\\x00\\x00\\x00\\xff90\t\\xff87Os\\x01\\x00\\x00\\xffc0\\xffddr\\xffa9\\xfff9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00s\\x01\\x00\\x00@\\xffed__\\x1e\\x00\\x00\\x00\\x00\\xffd2\\xff85Ms\\x01\\x00\\x00@\\xffd2\\xff85Ms\\x01\\x00\\x00\\xff90\t\\xff87Os\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x0c\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\xffac\t\\xff87Os\\x01\\x00\\x000\\x00\\x00\\x00s\\x01\\x00\\x00P\\x03\\x00\\x00\\x00\\x00\\x00\\x000\\xffeb__\\x1e\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xffd0\\x03\\xff87Os\\x01\\x00\\x00\\xfff2\\xffd0r\\xffa9\\xfff9\\x7f\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ExePath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97807bb",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "CommandLine"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine"
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "IdentityType"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x000000ea",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Type",
                "value": "0x7ff900000003"
              },
              {
                "name": "DataLength",
                "value": "184"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 8337
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9774022",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Permissions"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a9789d40",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ActivatableClasses"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses"
              }
            ],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ServerType"
              },
              {
                "name": "Data",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType"
              }
            ],
            "repeated": 0,
            "id": 8340
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "AppId"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId"
              }
            ],
            "repeated": 0,
            "id": 8341
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Identity"
              },
              {
                "name": "Data",
                "value": "nt authority\\system"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity"
              }
            ],
            "repeated": 0,
            "id": 8342
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a975ae1b",
            "parentcaller": "0x7ff9a97792f0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ServiceName"
              },
              {
                "name": "Data",
                "value": "StateRepository"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName"
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a976d862",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ExplicitPsmActivationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType"
              }
            ],
            "repeated": 0,
            "id": 8344
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97356ac",
            "parentcaller": "0x7ff9a979b1b0",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000550"
              },
              {
                "name": "SubKey",
                "value": "CustomAttributes"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes"
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a976ab76",
            "parentcaller": "0x7ff9a976f113",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000554"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f87a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8349
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a96d879f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000055c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}"
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8354
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8356
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 8357
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8358
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8359
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xbe__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00@\\xbf__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8360
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8366
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8368
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8370
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 8372
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8374
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbc__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xbd__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8378
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8381
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xbc__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xbd__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8385
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8387
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97295e4",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8390
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbb__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\xbc__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8393
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97740e1",
            "parentcaller": "0x7ff9a972968d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8396
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9729c65",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 8397
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "PSFactoryBuffer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8399
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729ef5",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a17d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972a22c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a972ac16",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 8404
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729fcf",
            "parentcaller": "0x7ff9a9729d0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xb9__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x90\\xba__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xb9__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x90\\xba__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8415
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a972ae1c",
            "parentcaller": "0x7ff9a9728039",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845e482",
            "parentcaller": "0x7ff9a9728085",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8460827",
            "parentcaller": "0x7ff9a845fb22",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 8420
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d754",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9aaa26c8b",
            "parentcaller": "0x7ff9a845d7e0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xb8__\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xf9\\x7f\\x00\\x00\\xe8#\\xd8\\x87\\xf9\\x7f\\x00\\x00b\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x10'\\xd8\\x87\\xf9\\x7f\\x00\\x00\\x04\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\xd0\\xb9__\\x1e\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845d8e8",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845fd34",
            "parentcaller": "0x7ff9a845da04",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845da22",
            "parentcaller": "0x7ff9a845fb59",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 8425
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a972b02a",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000306"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a972b061",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000566"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a972b0c5",
            "parentcaller": "0x7ff9a9729e28",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9729a80",
            "parentcaller": "0x7ff9a96eae14",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}"
              }
            ],
            "repeated": 0,
            "id": 8430
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a970953c",
            "parentcaller": "0x7ff9a970806b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a9708090",
            "parentcaller": "0x7ff9a96dace7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a1300000"
              }
            ],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a1300000"
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a845ae12",
            "parentcaller": "0x7ff9a972d475",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a1300000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a1307340"
              }
            ],
            "repeated": 0,
            "id": 8438
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d3f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-06-30 02:26:24,917",
            "thread_id": "280",
            "caller": "0x7ff9a8470741",
            "parentcaller": "0x7ff9a972d410",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Windows.StateRepositoryPS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a1300000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a1307380"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a96de87e",
            "parentcaller": "0x7ff9a96de27f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9aaa26798",
            "parentcaller": "0x7ff9a84952e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9aaa267b9",
            "parentcaller": "0x7ff9a84952e6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9c32140",
            "parentcaller": "0x7ff9a9c31ddd",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000030e"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              },
              {
                "name": "Handle",
                "value": "0x00000562"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}"
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000562"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000056a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056a"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002c4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9a8498cfe",
            "parentcaller": "0x7ff9a9d476bf",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xe3^\\x1e\\x00\\x00\\x00\\x98\\x11\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "280"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9aaa37820",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "280",
            "caller": "0x7ff9aaa37871",
            "parentcaller": "0x7ff9aaa220f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9dd7000"
              },
              {
                "name": "ModuleName",
                "value": "shcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": ".jpg"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.jpg"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8466
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{a38b883c-1682-497e-97b0-0a3a9e801682}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\OverrideFileSystemProperties"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\OverrideFileSystemProperties"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              },
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": "DisableProcessIsolation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\DisableProcessIsolation"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": "NoOplock"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\NoOplock"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "ExplorerCLSIDFlags\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\ExplorerCLSIDFlags\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": "UseInProcHandlerCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseInProcHandlerCache"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": "UseOutOfProcHandlerCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseOutOfProcHandlerCache"
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8a40000"
              }
            ],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a8a40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8a40000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a8aae3f0"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9161000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\Instance"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8490
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%SystemRoot%\\system32\\PhotoMetadataHandler.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              },
              {
                "name": "ValueName",
                "value": "LoadWithoutCOM"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\LoadWithoutCOM"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052e"
              }
            ],
            "repeated": 0,
            "id": 8493
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
              }
            ],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a699b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\PhotoMetadataHandler.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8500
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "PhotoMetadataHandler.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8502
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002f0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000052c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              },
              {
                "name": "ValueName",
                "value": "{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF"
              },
              {
                "name": "Data",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\xf4A\\x8f}\\x07\\xdd\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF"
              }
            ],
            "repeated": 0,
            "id": 8505
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\PhotoMetadataHandler"
              },
              {
                "name": "DllBase",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\PhotoMetadataHandler.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "A38B883C-1682-497E-97B0-0A3A9E801682"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              }
            ],
            "repeated": 0,
            "id": 8510
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8511
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000574"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              },
              {
                "name": "Handle",
                "value": "0x00000576"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}"
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000576"
              },
              {
                "name": "ValueName",
                "value": "EnableShareDenyNone"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\EnableShareDenyNone"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-06-30 02:26:24,932",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DisableFCM"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DisableFCM"
              }
            ],
            "repeated": 0,
            "id": 8516
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\SHCore.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d30000"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E2EB4CA4-C96E-4DA4-94B1-673C8334A5BB"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "265CFCAA-9B0C-44CA-996F-4A6F6620C72D"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x0000057c"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000580"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "device",
            "api": "DeviceIoControl",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000580"
              },
              {
                "name": "IoControlCode",
                "value": "0x00090240"
              },
              {
                "name": "InBuffer",
                "value": "\\x01\\x00\\x0c\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x00\\x00"
              },
              {
                "name": "OutBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000590"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000590"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734fa70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edec7f0"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8541
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 1,
            "id": 8546
          },
          {
            "timestamp": "2026-06-30 02:26:24,948",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 1,
            "id": 8547
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CACAF262-9370-4615-A13B-9F5539DA4C0A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f87c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CACAF262-9370-4615-A13B-9F5539DA4C0A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8552
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "PhotoMetadataHandler.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff998e30000"
              }
            ],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff998e30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "PhotoMetadataHandler.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PhotoMetadataHandler.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff998e30000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff998e37520"
              }
            ],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000576"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              },
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager"
              }
            ],
            "repeated": 0,
            "id": 8557
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000574"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "76765B11-3F95-4AF2-AC9D-EA55D8994F1A"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8562
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff70103a46a",
            "parentcaller": "0x7ff701011dc7",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a280f000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011df6",
            "parentcaller": "0x7ff701011bda",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f881000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8566
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 8567
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734fa70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000590"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 8572
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000584"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 8577
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701011e15",
            "parentcaller": "0x7ff701011bda",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010176c0",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8dDg|\\x12\\x08\\xdd\\x01\\x8e5r\\xcd7\\x08\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010176c0",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010176c0",
            "parentcaller": "0x7ff7010170df",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010176d1",
            "parentcaller": "0x7ff7010170df",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701012682",
            "parentcaller": "0x7ff701017100",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1940",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3720"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701012700",
            "parentcaller": "0x7ff701017100",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09250000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701012700",
            "parentcaller": "0x7ff701017100",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff701012700",
            "parentcaller": "0x7ff701017100",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000494"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-06-30 02:26:24,964",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "1F486A52-3CB1-48FD-8F50-B8DC300D9F9D"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "ECF31D61-E474-453C-BEE7-DE68E441C6D0"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8593
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff7010296ab",
            "parentcaller": "0x7ff70101dd61",
            "category": "filesystem",
            "api": "SHGetFileInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Path",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "Flags",
                "value": "0x00000210"
              },
              {
                "name": "DisplayName",
                "value": "0001.jpg"
              },
              {
                "name": "TypeName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70102bd4d",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100000",
                "pretty_value": "SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70102bd4d",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a0"
              },
              {
                "name": "HandleName",
                "value": "C:\\"
              },
              {
                "name": "FileInformationClass",
                "value": "9",
                "pretty_value": "FileNameInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x02\\x00\\x00\\x00\\\\x00"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70102bd4d",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "GetVolumeInformationByHandleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "VolumeName",
                "value": ""
              },
              {
                "name": "VolumeSerial",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70102bd4d",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990183dc0"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromGdiDib"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901c5770"
              }
            ],
            "repeated": 0,
            "id": 8603
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateHBITMAPFromBitmap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901caa70"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701000db0",
            "parentcaller": "0x7ff700febda8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734fe80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8608
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701000db0",
            "parentcaller": "0x7ff700febda8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c856000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701000db0",
            "parentcaller": "0x7ff700febda8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350190000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701000db0",
            "parentcaller": "0x7ff700febda8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350190000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701000db0",
            "parentcaller": "0x7ff700febda8",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734fe80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00300000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8613
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990183d80"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff7010067dc",
            "parentcaller": "0x7ff701006713",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MicrosoftTabletPenServiceProperty"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70100680b",
            "parentcaller": "0x7ff701006713",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006823",
            "parentcaller": "0x7ff701006713",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8618
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70100684f",
            "parentcaller": "0x7ff701006713",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B5F8350B-0548-48B1-A6EE-88BD00B4A5E7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "6E26E776-04F0-495D-80E4-3330352E3169"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff7010068da",
            "parentcaller": "0x7ff701006860",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b13a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#41"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff70100695d",
            "parentcaller": "0x7ff701006860",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff7010069c4",
            "parentcaller": "0x7ff701006860",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff7010069c4",
            "parentcaller": "0x7ff701006860",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8623
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006a89",
            "parentcaller": "0x7ff701006868",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701006868",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701006868",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701006868",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006bc7",
            "parentcaller": "0x7ff701006870",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1960",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3722"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8628
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006c12",
            "parentcaller": "0x7ff701006870",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006c12",
            "parentcaller": "0x7ff701006870",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-06-30 02:26:24,979",
            "thread_id": "336",
            "caller": "0x7ff701006c12",
            "parentcaller": "0x7ff701006870",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734ca46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 8633
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll.Config"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8638
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff994050000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734fe80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 8641
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "HIMAGELIST_QueryInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940cfa30"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "DrawShadowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99414d0d0"
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "DrawSizeBox"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940df790"
              }
            ],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "DrawScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940c0d30"
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "SizeBoxHwnd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940c52e0"
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_MouseMove"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9941422d0"
              }
            ],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_Menu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9941420e0"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "HandleScrollCmd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff994142040"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "DetachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff994052450"
              }
            ],
            "repeated": 0,
            "id": 8651
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "AttachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940c7160"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "CCSetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940c2240"
              }
            ],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "CCGetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940dbcd0"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "CCEnableScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff994052840"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "QuerySystemGestureStatus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9941420a0"
              }
            ],
            "repeated": 0,
            "id": 8656
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8658
          },
          {
            "timestamp": "2026-06-30 02:26:24,995",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff701009cbe",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 8659
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000068"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000006c"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 8662
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000026"
              },
              {
                "name": "uiParam",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 8663
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000103e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000001b"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8666
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8668
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "TurnOffSPIAnimations"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 8672
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "TurnOffSPIAnimations"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations"
              }
            ],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff701008d0e",
            "parentcaller": "0x7ff70103568d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "COMCTL32.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 8675
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff994050000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "COMCTL32.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "InitCommonControlsEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940d5550"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-06-30 02:26:25,010",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe99a5",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff70104f10f",
            "parentcaller": "0x7ff700fe9a3b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1870",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3132"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 3,
            "id": 8681
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff70104f10f",
            "parentcaller": "0x7ff700fe9a3b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8682
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9f08",
            "parentcaller": "0x7ff700fe9a43",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1850",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3128"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 4,
            "id": 8683
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9ae9",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d3b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#50134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9ae9",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdbf8e0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d3b8"
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9ae9",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c7d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#35"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9ae9",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdbf478",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c7d8"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b0f",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d3c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#50135"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8688
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b0f",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdc32d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d3c8"
              }
            ],
            "repeated": 0,
            "id": 8689
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b0f",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c868",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#44"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8690
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b0f",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdc2e68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c868"
              }
            ],
            "repeated": 0,
            "id": 8691
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b35",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d3d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#50136"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b35",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdc6cc0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d3d8"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b35",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c8f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#53"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b35",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdc6858",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c8f8"
              }
            ],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b5b",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d3e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#50137"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b5b",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdca6b0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d3e8"
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b5b",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c988",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#62"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fe9b5b",
            "parentcaller": "0x7ff701035708",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdca248",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c988"
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-06-30 02:26:25,026",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff701050630",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff701050659",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff701050659",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff994050000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff701050659",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940d5680"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff701050659",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 5,
            "id": 8704
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff701051a7b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff70105079b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b18f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3151"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff7010523e2",
            "parentcaller": "0x7ff7010507dc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff994050000"
              }
            ],
            "repeated": 0,
            "id": 8707
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff7010523e2",
            "parentcaller": "0x7ff7010507dc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff994050000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff7010523e2",
            "parentcaller": "0x7ff7010507dc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff994050000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9940d5680"
              }
            ],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-06-30 02:26:25,042",
            "thread_id": "336",
            "caller": "0x7ff7010523e2",
            "parentcaller": "0x7ff7010507dc",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 8710
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105084b",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001022"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105084b",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105084b",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105084b",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105084b",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734ca47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010508c3",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "B5F8350B-0548-48B1-A6EE-88BD00B4A5E7"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "6E26E776-04F0-495D-80E4-3330352E3169"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff7010508ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b18a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3135"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105092c",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff70105092c",
            "parentcaller": "0x7ff700fe9cbc",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff701050945",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff701050945",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff701050945",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff701051a7b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 100,
            "id": 8723
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff701050945",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f886000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff701050945",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff701050945",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff701050945",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-06-30 02:26:25,057",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff701050980",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b18f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3151"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff7010523e2",
            "parentcaller": "0x7ff7010509ba",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 8729
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff7010522da",
            "parentcaller": "0x7ff700fea0db",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff7010522da",
            "parentcaller": "0x7ff700fea0db",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99429a000"
              },
              {
                "name": "ModuleName",
                "value": "COMCTL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d1d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6401"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8732
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdcbbe0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d1d8"
              }
            ],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c9b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#65"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8734
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdcb778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c9b8"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0db",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d1e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6402"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdce590",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d1e8"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9ca18",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#71"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8739
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdce128",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ca18"
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0db",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8741
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d1f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6403"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8742
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd0f40",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d1f8"
              }
            ],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9ca78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#77"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8744
          },
          {
            "timestamp": "2026-06-30 02:26:25,073",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd0ad8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ca78"
              }
            ],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0db",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d208",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6404"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8747
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdcfa68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d208"
              }
            ],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9ca48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#74"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdcf600",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9ca48"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0db",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8751
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d218",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6405"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdcd0b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d218"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c9e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#68"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0db",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdccc50",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c9e8"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0db",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010522da",
            "parentcaller": "0x7ff700fea0ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f887000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8757
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d228",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6406"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd2418",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d228"
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9caa8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#80"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd1fb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9caa8"
              }
            ],
            "repeated": 0,
            "id": 8761
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d238",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6407"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8763
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd4dc8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d238"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cb08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#86"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd4960",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cb08"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d248",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6408"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8768
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd7778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d248"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cb68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#92"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd7310",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cb68"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d258",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6409"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd62a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d258"
              }
            ],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cb38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#89"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd5e38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cb38"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d268",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#6410"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd38f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d268"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cad8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#3"
              },
              {
                "name": "Name",
                "value": "#83"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052349",
            "parentcaller": "0x7ff700fea0ea",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdd3488",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cad8"
              }
            ],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff701052364",
            "parentcaller": "0x7ff700fea0ea",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\mspaint.exe"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              }
            ],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8784
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010516e1",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff700fea6a5",
            "parentcaller": "0x7ff701051a7b",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 10,
            "id": 8786
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-06-30 02:26:25,089",
            "thread_id": "336",
            "caller": "0x7ff7010518a0",
            "parentcaller": "0x7ff700fe9d8d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff700fea733",
            "parentcaller": "0x7ff700fe9e3a",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff700fea754",
            "parentcaller": "0x7ff700fe9e3a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000594"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x01\\x00\\x00\\x00\\x00\\x00\\xbdH\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff700fea765",
            "parentcaller": "0x7ff700fe9e3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff7010168a5",
            "parentcaller": "0x7ff700fea7c2",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1880",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3133"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff701016952",
            "parentcaller": "0x7ff700fea7c2",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b18a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3135"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff701035734",
            "parentcaller": "0x7ff701034a9a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff701035734",
            "parentcaller": "0x7ff701034a9a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              },
              {
                "name": "ValueName",
                "value": "Segoe UI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-06-30 02:26:25,104",
            "thread_id": "336",
            "caller": "0x7ff701035734",
            "parentcaller": "0x7ff701034a9a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-06-30 02:26:25,120",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000804aa"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-06-30 02:26:25,120",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001002"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 3,
            "id": 8799
          },
          {
            "timestamp": "2026-06-30 02:26:25,167",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 4,
            "id": 8800
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "windows",
            "api": "PostMessageA",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c0414"
              },
              {
                "name": "Message",
                "value": "0x00000d00"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000c0414"
              },
              {
                "name": "Message",
                "value": "0x0000036a"
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9239000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9239000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9239000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9239000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-06-30 02:26:25,182",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49245"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49246"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 1,
            "id": 8816
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f888000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.Asm.MutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8820
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\CTF.AsmListCache.FMPDefault2"
              }
            ],
            "repeated": 0,
            "id": 8822
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000594"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350290000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edeb7c0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350290000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8824
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000594"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\mspaint.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\mspaint.exe"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 8829
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "8192"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "MutexName",
                "value": "CicLoadWinStaWinSta0"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.CtfMonitorInstMutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 8,
            "id": 8835
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8836
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9b21000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9b21000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dwmapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f20000"
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a5f20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\SYSTEM32\\dwmapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 3,
            "id": 8846
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtDeleteAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-06-30 02:26:25,198",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 8,
            "id": 8849
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8850
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a0"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa9f93b0"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32450"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa53330"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4504:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000001"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextInputFramework.dll"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bc00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000f9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcf4000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 8890
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8891
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000058c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 8892
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5490000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0035e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8893
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a579f000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8894
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8895
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8896
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8897
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8898
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8899
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 8900
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 8901
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005a4"
              }
            ],
            "repeated": 0,
            "id": 8902
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000058c"
              }
            ],
            "repeated": 0,
            "id": 8903
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 8904
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8905
          },
          {
            "timestamp": "2026-06-30 02:26:25,214",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 8906
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a57f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8907
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a58d0000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8908
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8909
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8910
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8911
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8912
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8913
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8914
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8915
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 8916
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8917
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 8918
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000598"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8919
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e30000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8920
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8921
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8922
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8923
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8924
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8925
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 8926
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8927
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 8928
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bcba000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8929
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5886000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8930
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e24000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8931
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a564a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8932
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe5\\x7fMs\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08A\\x87Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\xee\\x7fMs\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x88\\xb3\\x86Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf3\\x7fMs\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`B\\x87Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x1e\\x80Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00pG\\x87Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80#\\x80Ms\\x01\\x00\\x00\\x02\\x00\\x00\\x00s\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xa5\\x86Ms\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8933
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8934
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8935
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6e00000"
              }
            ],
            "repeated": 0,
            "id": 8936
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8937
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8938
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a57f0000"
              }
            ],
            "repeated": 0,
            "id": 8939
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8940
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8941
          },
          {
            "timestamp": "2026-06-30 02:26:25,229",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a5490000"
              }
            ],
            "repeated": 0,
            "id": 8942
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 8943
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 8944
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99bc00000"
              }
            ],
            "repeated": 0,
            "id": 8945
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\ntmarta"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6e00000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a6e06930"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8946
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a57f0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a5847480"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8947
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5490000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a5512fe0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8948
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\TextInputFramework"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99bc00000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff99bc3e070"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 8949
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9b21000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8950
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9b21000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8951
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\CTF\\"
              },
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\"
              }
            ],
            "repeated": 0,
            "id": 8952
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              },
              {
                "name": "ValueName",
                "value": "EnableAnchorContext"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext"
              }
            ],
            "repeated": 0,
            "id": 8953
          },
          {
            "timestamp": "2026-06-30 02:26:25,245",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 8954
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8955
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 0,
            "id": 8956
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x9b2020b2c6ee",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 8957
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8958
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x9b2020b2fb7e",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#22"
              },
              {
                "name": "Name",
                "value": "#32512"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8959
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x9b2020b2fa6e",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f889000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8960
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x9b2020b2c2be",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 12,
            "id": 8961
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a360",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8962
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a360",
            "parentcaller": "0x9b2020b2cfee",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 2,
            "id": 8963
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a360",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8964
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff70101a360",
            "parentcaller": "0x7ff70101a869",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 2,
            "id": 8965
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff701038f39",
            "parentcaller": "0x7ff70101a360",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8966
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff701038f39",
            "parentcaller": "0x7ff70101a360",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 2,
            "id": 8967
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff701038f39",
            "parentcaller": "0x7ff70101a360",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 8968
          },
          {
            "timestamp": "2026-06-30 02:26:25,260",
            "thread_id": "336",
            "caller": "0x7ff701038f39",
            "parentcaller": "0x7ff70101a360",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 1,
            "id": 8969
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff701006a89",
            "parentcaller": "0x7ff701009bbd",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8970
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701009bbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09280000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8971
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701009bbd",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "MSAA_*FCFFFFFF00000000"
              },
              {
                "name": "Atom",
                "value": "0x0000c043"
              }
            ],
            "repeated": 0,
            "id": 8972
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff701006b06",
            "parentcaller": "0x7ff701009bbd",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09260000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 8973
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cc00",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c4d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#8021"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8974
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cc11",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfa740",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c4d8"
              }
            ],
            "repeated": 0,
            "id": 8975
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cc44",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c4e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#2"
              },
              {
                "name": "Name",
                "value": "#8022"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8976
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cc55",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfa788",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c4e8"
              }
            ],
            "repeated": 0,
            "id": 8977
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cccc",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cf38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9263"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8978
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ccdd",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce2e028",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cf38"
              }
            ],
            "repeated": 0,
            "id": 8979
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ccdd",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c168",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#153"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8980
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ccdd",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce2cf78",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c168"
              }
            ],
            "repeated": 0,
            "id": 8981
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd12",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9279"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8982
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd23",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce36668",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d038"
              }
            ],
            "repeated": 0,
            "id": 8983
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd23",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c1e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#161"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8984
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd23",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce355b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c1e8"
              }
            ],
            "repeated": 0,
            "id": 8985
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd58",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d078",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9283"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8986
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd69",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce387f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d078"
              }
            ],
            "repeated": 0,
            "id": 8987
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd69",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c208",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#163"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8988
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd69",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce37748",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c208"
              }
            ],
            "repeated": 0,
            "id": 8989
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cd9e",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d018",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9277"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8990
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdaf",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce355a0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d018"
              }
            ],
            "repeated": 0,
            "id": 8991
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdaf",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c1d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#160"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8992
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdaf",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce344f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c1d8"
              }
            ],
            "repeated": 0,
            "id": 8993
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cde4",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d058",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9281"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8994
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdf5",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce37730",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d058"
              }
            ],
            "repeated": 0,
            "id": 8995
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdf5",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c1f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#162"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8996
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104cdf5",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce36680",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c1f8"
              }
            ],
            "repeated": 0,
            "id": 8997
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ce2a",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9d0b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9287"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8998
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ce3b",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce3a988",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9d0b8"
              }
            ],
            "repeated": 0,
            "id": 8999
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ce3b",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c228",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#165"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9000
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70104ce3b",
            "parentcaller": "0x7ff70104d261",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce398d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c228"
              }
            ],
            "repeated": 0,
            "id": 9001
          },
          {
            "timestamp": "2026-06-30 02:26:25,276",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 9,
            "id": 9002
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007f08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1372"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9003
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d060da0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f08"
              }
            ],
            "repeated": 0,
            "id": 9004
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000df",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f08"
              }
            ],
            "repeated": 0,
            "id": 9005
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 20,
            "id": 9006
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007ce8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1338"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9007
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d04f160",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007ce8"
              }
            ],
            "repeated": 0,
            "id": 9008
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002bf",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007ce8"
              }
            ],
            "repeated": 0,
            "id": 9009
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 13,
            "id": 9010
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007b98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1317"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9011
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d0387b0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007b98"
              }
            ],
            "repeated": 0,
            "id": 9012
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000021c",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007b98"
              }
            ],
            "repeated": 0,
            "id": 9013
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 51,
            "id": 9014
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SessionImmersiveColorMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9015
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 9016
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f001f"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\SessionImmersiveColorPreference"
              }
            ],
            "repeated": 0,
            "id": 9017
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350660000"
              },
              {
                "name": "SectionOffset",
                "value": "0x1e5edec1a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9018
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9019
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9020
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent"
              }
            ],
            "repeated": 0,
            "id": 9021
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9022
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9023
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Personalization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization"
              }
            ],
            "repeated": 0,
            "id": 9024
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "PersonalColors_Background"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\PersonalColors_Background"
              }
            ],
            "repeated": 0,
            "id": 9025
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9026
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 9027
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9028
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\Personalization"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization"
              }
            ],
            "repeated": 0,
            "id": 9029
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "NoChangingStartMenuBackground"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\NoChangingStartMenuBackground"
              }
            ],
            "repeated": 0,
            "id": 9030
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9031
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9032
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xc0\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00J7x\\xaa\\xf9\\x7f\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9033
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 9034
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9035
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 9036
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 9037
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 9038
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9039
          },
          {
            "timestamp": "2026-06-30 02:26:25,292",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 9040
          },
          {
            "timestamp": "2026-06-30 02:26:25,307",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 68,
            "id": 9041
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007798",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1253"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9042
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d014c18",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007798"
              }
            ],
            "repeated": 0,
            "id": 9043
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000da",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007798"
              }
            ],
            "repeated": 0,
            "id": 9044
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 9045
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007f48",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1376"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9046
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d06cf30",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f48"
              }
            ],
            "repeated": 0,
            "id": 9047
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000000e5",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f48"
              }
            ],
            "repeated": 0,
            "id": 9048
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 11,
            "id": 9049
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007828",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1262"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9050
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d018fb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007828"
              }
            ],
            "repeated": 0,
            "id": 9051
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000054",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007828"
              }
            ],
            "repeated": 0,
            "id": 9052
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 8,
            "id": 9053
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007f98",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1381"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9054
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d070b28",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f98"
              }
            ],
            "repeated": 0,
            "id": 9055
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000055",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007f98"
              }
            ],
            "repeated": 0,
            "id": 9056
          },
          {
            "timestamp": "2026-06-30 02:26:25,323",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 43,
            "id": 9057
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d0078c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1272"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9058
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d01b758",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078c8"
              }
            ],
            "repeated": 0,
            "id": 9059
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000215",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078c8"
              }
            ],
            "repeated": 0,
            "id": 9060
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 9061
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d0078b8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1271"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9062
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d01b148",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078b8"
              }
            ],
            "repeated": 0,
            "id": 9063
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000215",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078b8"
              }
            ],
            "repeated": 0,
            "id": 9064
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 9065
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d0078d8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1273"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9066
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d01bd68",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078d8"
              }
            ],
            "repeated": 0,
            "id": 9067
          },
          {
            "timestamp": "2026-06-30 02:26:25,339",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000215",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078d8"
              }
            ],
            "repeated": 0,
            "id": 9068
          },
          {
            "timestamp": "2026-06-30 02:26:25,354",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 75,
            "id": 9069
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007aa8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1302"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9070
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d02eb88",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007aa8"
              }
            ],
            "repeated": 0,
            "id": 9071
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000031b",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007aa8"
              }
            ],
            "repeated": 0,
            "id": 9072
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 1,
            "id": 9073
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007a38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1295"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9074
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d02a910",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007a38"
              }
            ],
            "repeated": 0,
            "id": 9075
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002ec",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007a38"
              }
            ],
            "repeated": 0,
            "id": 9076
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9077
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007b18",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1309"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9078
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d032d38",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007b18"
              }
            ],
            "repeated": 0,
            "id": 9079
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000342",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007b18"
              }
            ],
            "repeated": 0,
            "id": 9080
          },
          {
            "timestamp": "2026-06-30 02:26:25,370",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 62,
            "id": 9081
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007778",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1251"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9082
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d0143d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007778"
              }
            ],
            "repeated": 0,
            "id": 9083
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000002bc",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007778"
              }
            ],
            "repeated": 0,
            "id": 9084
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff70101a370",
            "parentcaller": "0x7ff70101a869",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9085
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff70101c87e",
            "parentcaller": "0x7ff7010344b2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetLayout"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a6860"
              }
            ],
            "repeated": 0,
            "id": 9086
          },
          {
            "timestamp": "2026-06-30 02:26:25,385",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff701007767",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9087
          },
          {
            "timestamp": "2026-06-30 02:26:25,401",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff70100840d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 2,
            "id": 9088
          },
          {
            "timestamp": "2026-06-30 02:26:25,417",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 1,
            "id": 9089
          },
          {
            "timestamp": "2026-06-30 02:26:25,417",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c8f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9090
          },
          {
            "timestamp": "2026-06-30 02:26:25,417",
            "thread_id": "336",
            "caller": "0x7ff70101a869",
            "parentcaller": "0x7ff7010296ab",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 5,
            "id": 9091
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f88b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9092
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f88e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9093
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9094
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9095
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9096
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9097
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9098
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9099
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9100
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9101
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9102
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9103
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9104
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9105
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9106
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9107
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9108
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9109
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9110
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9111
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f891000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9112
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f896000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9113
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f89b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9114
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9115
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromScan0"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99019aac0"
              }
            ],
            "repeated": 0,
            "id": 9116
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9117
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9118
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageGraphicsContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990199710"
              }
            ],
            "repeated": 0,
            "id": 9119
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9120
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9121
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGraphicsClear"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990198f20"
              }
            ],
            "repeated": 0,
            "id": 9122
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9123
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9124
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreatePen1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018fa60"
              }
            ],
            "repeated": 0,
            "id": 9125
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9126
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9127
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateSolidFill"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018ffd0"
              }
            ],
            "repeated": 0,
            "id": 9128
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9129
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9130
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDrawRectangleI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018f320"
              }
            ],
            "repeated": 0,
            "id": 9131
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9132
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9133
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipFillRectangleI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990190140"
              }
            ],
            "repeated": 0,
            "id": 9134
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9135
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9136
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteBrush"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018fcf0"
              }
            ],
            "repeated": 0,
            "id": 9137
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9138
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9139
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeletePen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018dfe0"
              }
            ],
            "repeated": 0,
            "id": 9140
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9141
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9142
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteGraphics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99019a7d0"
              }
            ],
            "repeated": 0,
            "id": 9143
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9144
          },
          {
            "timestamp": "2026-06-30 02:26:25,432",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f89e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9145
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9146
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9147
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9148
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9149
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff7010529c1",
            "parentcaller": "0x7ff701052ab9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f8a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9150
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9151
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9152
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9153
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9154
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9155
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9156
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9157
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9158
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9159
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9160
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9161
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9162
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9163
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9164
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9165
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9166
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9167
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9168
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9169
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9170
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9171
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9172
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9173
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9174
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff701038c49",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9175
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd99038",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#40304"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9176
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000006b1",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9177
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff701038c49",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cdfc460",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd99038"
              }
            ],
            "repeated": 0,
            "id": 9178
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9179
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60357"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9180
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000104",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9181
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf5c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9182
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9183
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60353"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9184
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9185
          },
          {
            "timestamp": "2026-06-30 02:26:25,448",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf300",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9186
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9187
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60357"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9188
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000104",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9189
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf5c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9190
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9191
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60353"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9192
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9193
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf300",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9194
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9195
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60357"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9196
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000104",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9197
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf5c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9198
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9199
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60353"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9200
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9201
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf300",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9202
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9203
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b338",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60357"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9204
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000104",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9205
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf5c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b338"
              }
            ],
            "repeated": 0,
            "id": 9206
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d5a",
            "parentcaller": "0x7ff70101be85",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "317D06E8-5F24-433D-BDF7-79CE68D8ABC2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "EC5EC8A9-C395-4314-9C77-54D7A935FF70"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9207
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9b2f8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "Image"
              },
              {
                "name": "Name",
                "value": "#60353"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9208
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00000094",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9209
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701053d92",
            "parentcaller": "0x7ff70101be85",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734cfaf300",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9b2f8"
              }
            ],
            "repeated": 0,
            "id": 9210
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100000",
                "pretty_value": "GENERIC_READ|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9211
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9212
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00101000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9213
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9214
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005d4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "Buffer",
                "value": "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\nCMCDLLNAME32=mapi32.dll\r\nCMC=1\r\nMAPIX=1\r\nMAPIXVER=1.0.0.1\r\nOLEMessaging=1\r\n"
              },
              {
                "name": "Length",
                "value": "167"
              }
            ],
            "repeated": 0,
            "id": 9215
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00101000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 9216
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9217
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001c4"
              },
              {
                "name": "ValueName",
                "value": "SafeProcessSearchMode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode"
              }
            ],
            "repeated": 0,
            "id": 9218
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff701034dc3",
            "parentcaller": "0x7ff701054955",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mapi32.dll"
              }
            ],
            "repeated": 0,
            "id": 9219
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f8a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9220
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101b6e3",
            "parentcaller": "0x7ff70101b27e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734f8bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9221
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101dd74",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9222
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101dd74",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9898a0000"
              },
              {
                "name": "ModuleName",
                "value": "MFC42u.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9223
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e29d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              }
            ],
            "repeated": 0,
            "id": 9224
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "BitBlt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3980"
              }
            ],
            "repeated": 0,
            "id": 9225
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleBitmap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a4aa0"
              }
            ],
            "repeated": 0,
            "id": 9226
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3b70"
              }
            ],
            "repeated": 0,
            "id": 9227
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDIBSection"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a2820"
              }
            ],
            "repeated": 0,
            "id": 9228
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a1630"
              }
            ],
            "repeated": 0,
            "id": 9229
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateSolidBrush"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a4b70"
              }
            ],
            "repeated": 0,
            "id": 9230
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a2c70"
              }
            ],
            "repeated": 0,
            "id": 9231
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a2130"
              }
            ],
            "repeated": 0,
            "id": 9232
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiAlphaBlend"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a6c30"
              }
            ],
            "repeated": 0,
            "id": 9233
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiGradientFill"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a6d70"
              }
            ],
            "repeated": 0,
            "id": 9234
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a4880"
              }
            ],
            "repeated": 0,
            "id": 9235
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDIBits"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a4560"
              }
            ],
            "repeated": 0,
            "id": 9236
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3290"
              }
            ],
            "repeated": 0,
            "id": 9237
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3f80"
              }
            ],
            "repeated": 0,
            "id": 9238
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3910"
              }
            ],
            "repeated": 0,
            "id": 9239
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "SelectObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3660"
              }
            ],
            "repeated": 0,
            "id": 9240
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "SetBkMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3ad0"
              }
            ],
            "repeated": 0,
            "id": 9241
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3a0000"
              },
              {
                "name": "FunctionName",
                "value": "SetTextColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3a3c40"
              }
            ],
            "repeated": 0,
            "id": 9242
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e29d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 9243
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3ecb40"
              }
            ],
            "repeated": 0,
            "id": 9244
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTickCount64"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3e5d30"
              }
            ],
            "repeated": 0,
            "id": 9245
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserPreferredUILanguages"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f0590"
              }
            ],
            "repeated": 0,
            "id": 9246
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f0640"
              }
            ],
            "repeated": 0,
            "id": 9247
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3ee080"
              }
            ],
            "repeated": 0,
            "id": 9248
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "MulDiv"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f5000"
              }
            ],
            "repeated": 0,
            "id": 9249
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "MultiByteToWideChar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3e5810"
              }
            ],
            "repeated": 0,
            "id": 9250
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SleepEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3f4aa0"
              }
            ],
            "repeated": 0,
            "id": 9251
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e29d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 9252
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "WinSqmAddToStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6fec0"
              }
            ],
            "repeated": 0,
            "id": 9253
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e29d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 9254
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "DrawTextExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa77eae0"
              }
            ],
            "repeated": 0,
            "id": 9255
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplaySettingsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa768830"
              }
            ],
            "repeated": 0,
            "id": 9256
          },
          {
            "timestamp": "2026-06-30 02:26:25,464",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "FillRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa783640"
              }
            ],
            "repeated": 0,
            "id": 9257
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa786600"
              }
            ],
            "repeated": 0,
            "id": 9258
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetDCEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794410"
              }
            ],
            "repeated": 0,
            "id": 9259
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetDesktopWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa76ae40"
              }
            ],
            "repeated": 0,
            "id": 9260
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa780b70"
              }
            ],
            "repeated": 0,
            "id": 9261
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794690"
              }
            ],
            "repeated": 0,
            "id": 9262
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetSysColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa786310"
              }
            ],
            "repeated": 0,
            "id": 9263
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa781220"
              }
            ],
            "repeated": 0,
            "id": 9264
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadDesktop"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794730"
              }
            ],
            "repeated": 0,
            "id": 9265
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794780"
              }
            ],
            "repeated": 0,
            "id": 9266
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "InvalidateRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794980"
              }
            ],
            "repeated": 0,
            "id": 9267
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "LogicalToPhysicalPointForPerMonitorDPI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794ab0"
              }
            ],
            "repeated": 0,
            "id": 9268
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "MonitorFromWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa7814b0"
              }
            ],
            "repeated": 0,
            "id": 9269
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "OffsetRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa76ae10"
              }
            ],
            "repeated": 0,
            "id": 9270
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa794d50"
              }
            ],
            "repeated": 0,
            "id": 9271
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa784010"
              }
            ],
            "repeated": 0,
            "id": 9272
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70101e33f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa7836b0"
              }
            ],
            "repeated": 0,
            "id": 9273
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff7010200a5",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 9274
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff7010200fa",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8d420"
              }
            ],
            "repeated": 0,
            "id": 9275
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70102011d",
            "parentcaller": "0x7ff70107f0f9",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "134"
              }
            ],
            "repeated": 0,
            "id": 9276
          },
          {
            "timestamp": "2026-06-30 02:26:25,479",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 96,
            "id": 9277
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xea\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x88\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9278
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 9279
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9280
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell"
              }
            ],
            "repeated": 0,
            "id": 9281
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "TabletMode"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode"
              }
            ],
            "repeated": 0,
            "id": 9282
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 9283
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9284
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005d4"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\DWM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM"
              }
            ],
            "repeated": 0,
            "id": 9285
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              },
              {
                "name": "ValueName",
                "value": "ColorPrevalence"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence"
              }
            ],
            "repeated": 0,
            "id": 9286
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 9287
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9288
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9289
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1910",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3585"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9290
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x17349540bb0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff989740000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3585"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9291
          },
          {
            "timestamp": "2026-06-30 02:26:25,495",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 0,
            "id": 9292
          },
          {
            "timestamp": "2026-06-30 02:26:25,510",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 9293
          },
          {
            "timestamp": "2026-06-30 02:26:25,510",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 96,
            "id": 9294
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xf5\\xde^\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00$\\x88\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9295
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 9296
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9297
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell"
              }
            ],
            "repeated": 0,
            "id": 9298
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "TabletMode"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode"
              }
            ],
            "repeated": 0,
            "id": 9299
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9300
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005c8"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 9301
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005c8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\DWM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM"
              }
            ],
            "repeated": 0,
            "id": 9302
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              },
              {
                "name": "ValueName",
                "value": "ColorPrevalence"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence"
              }
            ],
            "repeated": 0,
            "id": 9303
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 9304
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9305
          },
          {
            "timestamp": "2026-06-30 02:26:25,526",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005c8"
              }
            ],
            "repeated": 0,
            "id": 9306
          },
          {
            "timestamp": "2026-06-30 02:26:25,542",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 129,
            "id": 9307
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007bf8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1323"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9308
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d03a0c8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007bf8"
              }
            ],
            "repeated": 0,
            "id": 9309
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000005c5",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007bf8"
              }
            ],
            "repeated": 0,
            "id": 9310
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 3,
            "id": 9311
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d007c08",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1324"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9312
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d03add8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007c08"
              }
            ],
            "repeated": 0,
            "id": 9313
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x000003d8",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d007c08"
              }
            ],
            "repeated": 0,
            "id": 9314
          },
          {
            "timestamp": "2026-06-30 02:26:25,557",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 85,
            "id": 9315
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734d0078e8",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "Type",
                "value": "#998"
              },
              {
                "name": "Name",
                "value": "#1274"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9316
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734d01c378",
            "arguments": [
              {
                "name": "Module",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078e8"
              }
            ],
            "repeated": 0,
            "id": 9317
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x0000041f",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x1734d000002"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734d0078e8"
              }
            ],
            "repeated": 0,
            "id": 9318
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 26,
            "id": 9319
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "synchronization",
            "api": "NtFindAtom",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "AfxOldWndProc423"
              },
              {
                "name": "Atom",
                "value": "0x0000c0ec"
              }
            ],
            "repeated": 1,
            "id": 9320
          },
          {
            "timestamp": "2026-06-30 02:26:25,573",
            "thread_id": "336",
            "caller": "0x7ff70102913f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\coml2"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9aa490000"
              }
            ],
            "repeated": 0,
            "id": 9321
          },
          {
            "timestamp": "2026-06-30 02:26:25,589",
            "thread_id": "336",
            "caller": "0x7ff70102913f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000303-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": "file"
              }
            ],
            "repeated": 0,
            "id": 9322
          },
          {
            "timestamp": "2026-06-30 02:26:25,589",
            "thread_id": "336",
            "caller": "0x7ff70102913f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 9323
          },
          {
            "timestamp": "2026-06-30 02:26:25,589",
            "thread_id": "336",
            "caller": "0x7ff70102913f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9324
          },
          {
            "timestamp": "2026-06-30 02:26:25,589",
            "thread_id": "336",
            "caller": "0x7ff70102913f",
            "parentcaller": "0x7ff70107f0f9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
              }
            ],
            "repeated": 0,
            "id": 9325
          },
          {
            "timestamp": "2026-06-30 02:26:25,589",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 51,
            "id": 9326
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "527"
              },
              {
                "name": "y",
                "value": "667"
              }
            ],
            "repeated": 2,
            "id": 9327
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9328
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70100aaea",
            "parentcaller": "0x7ff70100bf46",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9cf58",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#12"
              },
              {
                "name": "Name",
                "value": "#9265"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9329
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70100aaea",
            "parentcaller": "0x7ff70100bf46",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce2f0f0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9cf58"
              }
            ],
            "repeated": 0,
            "id": 9330
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70100aaea",
            "parentcaller": "0x7ff70100bf46",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1734cd9c178",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#1"
              },
              {
                "name": "Name",
                "value": "#154"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9331
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70100aaea",
            "parentcaller": "0x7ff70100bf46",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1734ce2e040",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1734cd9c178"
              }
            ],
            "repeated": 0,
            "id": 9332
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "527"
              },
              {
                "name": "y",
                "value": "667"
              }
            ],
            "repeated": 2,
            "id": 9333
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9334
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateFromHDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901ccef0"
              }
            ],
            "repeated": 0,
            "id": 9335
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9336
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9337
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetSolidFillColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901900a0"
              }
            ],
            "repeated": 0,
            "id": 9338
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9339
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9340
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetPenWidth"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018fb90"
              }
            ],
            "repeated": 0,
            "id": 9341
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9342
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9343
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetPenBrushFill"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99018f190"
              }
            ],
            "repeated": 0,
            "id": 9344
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9345
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9346
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetSmoothingMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901cd860"
              }
            ],
            "repeated": 0,
            "id": 9347
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9348
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9349
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetSmoothingMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901cc660"
              }
            ],
            "repeated": 0,
            "id": 9350
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9351
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9352
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetCompositingMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901c76e0"
              }
            ],
            "repeated": 0,
            "id": 9353
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9354
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9355
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipBitmapSetPixel"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9901c35b0"
              }
            ],
            "repeated": 0,
            "id": 9356
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9357
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701076ef6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9358
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701077217",
            "parentcaller": "0x7ff70107fcdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff990180000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDrawImageI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff990190f00"
              }
            ],
            "repeated": 0,
            "id": 9359
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701076e5a",
            "parentcaller": "0x7ff701077383",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff7010d4000"
              },
              {
                "name": "ModuleName",
                "value": "mspaint.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9360
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701075d65",
            "parentcaller": "0x7ff701076700",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1735019c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9361
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70106c4dd",
            "parentcaller": "0x7ff701007c25",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734c853000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9362
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff70106c4dd",
            "parentcaller": "0x7ff701007c25",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x17350191000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9363
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9364
          },
          {
            "timestamp": "2026-06-30 02:26:26,714",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "527"
              },
              {
                "name": "y",
                "value": "667"
              }
            ],
            "repeated": 8,
            "id": 9365
          },
          {
            "timestamp": "2026-06-30 02:26:26,729",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9366
          },
          {
            "timestamp": "2026-06-30 02:26:26,729",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "527"
              },
              {
                "name": "y",
                "value": "667"
              }
            ],
            "repeated": 5,
            "id": 9367
          },
          {
            "timestamp": "2026-06-30 02:26:26,745",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "527"
              },
              {
                "name": "y",
                "value": "660"
              }
            ],
            "repeated": 2,
            "id": 9368
          },
          {
            "timestamp": "2026-06-30 02:26:26,745",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9369
          },
          {
            "timestamp": "2026-06-30 02:26:26,760",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "526"
              },
              {
                "name": "y",
                "value": "653"
              }
            ],
            "repeated": 2,
            "id": 9370
          },
          {
            "timestamp": "2026-06-30 02:26:26,760",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9371
          },
          {
            "timestamp": "2026-06-30 02:26:26,760",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "526"
              },
              {
                "name": "y",
                "value": "653"
              }
            ],
            "repeated": 1,
            "id": 9372
          },
          {
            "timestamp": "2026-06-30 02:26:26,760",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "526"
              },
              {
                "name": "y",
                "value": "645"
              }
            ],
            "repeated": 5,
            "id": 9373
          },
          {
            "timestamp": "2026-06-30 02:26:26,776",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "525"
              },
              {
                "name": "y",
                "value": "638"
              }
            ],
            "repeated": 2,
            "id": 9374
          },
          {
            "timestamp": "2026-06-30 02:26:26,776",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9375
          },
          {
            "timestamp": "2026-06-30 02:26:26,776",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "525"
              },
              {
                "name": "y",
                "value": "638"
              }
            ],
            "repeated": 2,
            "id": 9376
          },
          {
            "timestamp": "2026-06-30 02:26:26,776",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9377
          },
          {
            "timestamp": "2026-06-30 02:26:26,776",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "525"
              },
              {
                "name": "y",
                "value": "631"
              }
            ],
            "repeated": 6,
            "id": 9378
          },
          {
            "timestamp": "2026-06-30 02:26:26,792",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "524"
              },
              {
                "name": "y",
                "value": "624"
              }
            ],
            "repeated": 4,
            "id": 9379
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "524"
              },
              {
                "name": "y",
                "value": "609"
              }
            ],
            "repeated": 0,
            "id": 9380
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "523"
              },
              {
                "name": "y",
                "value": "602"
              }
            ],
            "repeated": 2,
            "id": 9381
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9382
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "523"
              },
              {
                "name": "y",
                "value": "602"
              }
            ],
            "repeated": 2,
            "id": 9383
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9384
          },
          {
            "timestamp": "2026-06-30 02:26:26,807",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "523"
              },
              {
                "name": "y",
                "value": "602"
              }
            ],
            "repeated": 0,
            "id": 9385
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "523"
              },
              {
                "name": "y",
                "value": "594"
              }
            ],
            "repeated": 4,
            "id": 9386
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "522"
              },
              {
                "name": "y",
                "value": "587"
              }
            ],
            "repeated": 2,
            "id": 9387
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9388
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "522"
              },
              {
                "name": "y",
                "value": "587"
              }
            ],
            "repeated": 2,
            "id": 9389
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9390
          },
          {
            "timestamp": "2026-06-30 02:26:26,823",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "522"
              },
              {
                "name": "y",
                "value": "587"
              }
            ],
            "repeated": 3,
            "id": 9391
          },
          {
            "timestamp": "2026-06-30 02:26:26,839",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "522"
              },
              {
                "name": "y",
                "value": "579"
              }
            ],
            "repeated": 1,
            "id": 9392
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "571"
              }
            ],
            "repeated": 2,
            "id": 9393
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9394
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "571"
              }
            ],
            "repeated": 2,
            "id": 9395
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9396
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "571"
              }
            ],
            "repeated": 1,
            "id": 9397
          },
          {
            "timestamp": "2026-06-30 02:26:26,854",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "564"
              }
            ],
            "repeated": 5,
            "id": 9398
          },
          {
            "timestamp": "2026-06-30 02:26:26,870",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "556"
              }
            ],
            "repeated": 2,
            "id": 9399
          },
          {
            "timestamp": "2026-06-30 02:26:26,870",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9400
          },
          {
            "timestamp": "2026-06-30 02:26:26,870",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "556"
              }
            ],
            "repeated": 2,
            "id": 9401
          },
          {
            "timestamp": "2026-06-30 02:26:26,870",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9402
          },
          {
            "timestamp": "2026-06-30 02:26:26,870",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "548"
              }
            ],
            "repeated": 5,
            "id": 9403
          },
          {
            "timestamp": "2026-06-30 02:26:26,885",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100a77c",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "540"
              }
            ],
            "repeated": 2,
            "id": 9404
          },
          {
            "timestamp": "2026-06-30 02:26:26,885",
            "thread_id": "336",
            "caller": "0x7ff700feaab6",
            "parentcaller": "0x7ff700fea536",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x173493b1890",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff700fe0000"
              },
              {
                "name": "Type",
                "value": "#6"
              },
              {
                "name": "Name",
                "value": "#3134"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 9405
          },
          {
            "timestamp": "2026-06-30 02:26:26,885",
            "thread_id": "336",
            "caller": "0x7ff70103c53b",
            "parentcaller": "0x7ff70100a839",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "540"
              }
            ],
            "repeated": 2,
            "id": 9406
          },
          {
            "timestamp": "2026-06-30 02:26:26,885",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9407
          },
          {
            "timestamp": "2026-06-30 02:26:26,885",
            "thread_id": "336",
            "caller": "0x7ff700fffd9d",
            "parentcaller": "0x7ff701029133",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "540"
              }
            ],
            "repeated": 0,
            "id": 9408
          },
          {
            "timestamp": "2026-06-30 02:26:26,901",
            "thread_id": "336",
            "caller": "0x7ff7010060c7",
            "parentcaller": "0x7ff70100f072",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "521"
              },
              {
                "name": "y",
                "value": "523"
              }
            ],
            "repeated": 0,
            "id": 9409
          },
          {
            "timestamp": "2026-06-30 02:26:26,901",
            "thread_id": "336",
            "caller": "0x7ff701016740",
            "parentcaller": "0x7ff701006db2",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x00000010"
              }
            ],
            "repeated": 0,
            "id": 9410
          },
          {
            "timestamp": "2026-06-30 02:26:34,651",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "1004"
              },
              {
                "name": "y",
                "value": "92"
              }
            ],
            "repeated": 1,
            "id": 9411
          },
          {
            "timestamp": "2026-06-30 02:26:35,245",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f48000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9412
          },
          {
            "timestamp": "2026-06-30 02:26:35,245",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a5f48000"
              },
              {
                "name": "ModuleName",
                "value": "dwmapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9413
          },
          {
            "timestamp": "2026-06-30 02:26:35,245",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1734d0e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9414
          },
          {
            "timestamp": "2026-06-30 02:26:35,260",
            "thread_id": "336",
            "caller": "0x7ff70107f0f9",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "512"
              },
              {
                "name": "y",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 9415
          }
        ],
        "threads": [
          "336",
          "2184",
          "2832",
          "2076",
          "1348",
          "4168",
          "3932",
          "3680",
          "4776",
          "4516",
          "280"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff700fe0000",
          "MainExeSize": "0x000f9000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 2492,
        "process_name": "WmiPrvSE.exe",
        "parent_id": 756,
        "module_path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
        "first_seen": "2026-06-30 02:26:32,508",
        "calls": [
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff9aaa5c1e7",
            "parentcaller": "0x7ff9aaa5bf7a",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\ncobjapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a4240000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a4245be0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff712ff2580"
              },
              {
                "name": "Parameter",
                "value": "0xe2aede000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "2688",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "2688",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92f10"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1436",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1436",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b93070"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "2804",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "2804",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92e50"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "4928",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "4928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff987b92a40"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712ff2cd1",
            "parentcaller": "0x7ff712ff264a",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x7ff712ff2c80"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fec86e",
            "parentcaller": "0x7ff712fec72a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c0989000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff36d5",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff36d5",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef9ae",
            "parentcaller": "0x7ff712fe8019",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\WBEM\\CIMOM"
              },
              {
                "name": "Handle",
                "value": "0x000001b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM\\CIMOM"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef9f5",
            "parentcaller": "0x7ff712fe8019",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              },
              {
                "name": "ValueName",
                "value": "Sink Transmit Buffer Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\Sink Transmit Buffer Size"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fefa06",
            "parentcaller": "0x7ff712fe8019",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef8ba",
            "parentcaller": "0x7ff712fe801e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Wbem\\Cimom"
              },
              {
                "name": "Handle",
                "value": "0x000001b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Cimom"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef906",
            "parentcaller": "0x7ff712fe801e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              },
              {
                "name": "ValueName",
                "value": "DefaultRpcStackSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\DefaultRpcStackSize"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef91f",
            "parentcaller": "0x7ff712fe801e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca03",
            "parentcaller": "0x7ff712fec74d",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x1b6c0962174",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000074"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3d0000"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9aa3d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3da190"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa3d0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa3efe60"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000001b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000204"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2860000"
              },
              {
                "name": "SectionOffset",
                "value": "0xe2ad2f3b0"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000204"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712feca74",
            "parentcaller": "0x7ff712fec74d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000001b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff307c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff307c",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff34c8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff34c8",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff342b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff342b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3314",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-30 02:26:32,680",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3314",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa760000"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#14"
              },
              {
                "name": "Name",
                "value": "#32513"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "misc",
            "api": "FindResourceExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#22"
              },
              {
                "name": "Name",
                "value": "#32513"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9aa3c7000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec96b",
            "parentcaller": "0x7ff712fec762",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c098b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff2ff1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff2ff1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3107",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3107",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec99f",
            "parentcaller": "0x7ff712fec762",
            "category": "misc",
            "api": "FindResourceExW",
            "status": true,
            "return": "0x1b6c0f307d0",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "Type",
                "value": "#4"
              },
              {
                "name": "Name",
                "value": "#16"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec99f",
            "parentcaller": "0x7ff712fec762",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x1b6c0f31190",
            "arguments": [
              {
                "name": "Module",
                "value": "0x7ff9aa760000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x1b6c0f307d0"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff35f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff35f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1536"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a603f000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6035000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a6030000"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a6030000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a6033f10"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "93"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x7f7\\x9e}"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8700000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00083000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8768000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a8700000"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000023c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "A\\xad\\xdf\\x05ln\\xb6\r4\\x87\\x06Z\\x8e<\\xeb\\xc3;\\xfa\\x03:O\\xb1ZS\\xd5*\\x9f\\x08\\x9fo\\xf0S\\xf4\\x93Wp\\x11b\\xf9\\x94_\\xf3I\\xe8\\x17i+^"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\System32\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8700000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7ff9a8738cc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a9d12000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec378",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c098d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c0993000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c0995000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xee\\xd2*\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf9\\x7f\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\xf0\\xef\\xd2*\\x0e\\x00\\x00\\x00\\xb2}s\\xa9\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\x14\\xd8\\x87\\xf9\\x7f\\x00\\x00p\\x11\\xd8\\x87\\xf9\\x7f\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff \\xef\\xd2*\\x0e\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x14\\xd8\\x87"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-18_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Classes"
              },
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-30 02:26:32,695",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "AppID\\wmiprvse.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\wmiprvse.exe"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrGetProcedureAddress",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlWow64GetCurrentMachine"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa40d80"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "LdrGetProcedureAddress",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlWow64IsWowGuestMachineSupported"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6c590"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "AppID\\wmiprvse.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\wmiprvse.exe"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xf3\\xd2*\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\xff\\xff\\xff\\xff0\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\xa6\\x01F\\xa8\\xf9\\x7f\\x00\\x00:Z\\xb4?1o\\x00\\x00\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a99e2000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec5a5",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec60b",
            "parentcaller": "0x7ff712feb501",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x7ff9a9600000"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec60b",
            "parentcaller": "0x7ff712feb501",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "0000015B-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec297",
            "parentcaller": "0x7ff712feb513",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000288"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Wmi Provider Sub System Counters"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec2ca",
            "parentcaller": "0x7ff712feb513",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000288"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c0f60000"
              },
              {
                "name": "SectionOffset",
                "value": "0xe2ad2f7e0"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c1027000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "EventName",
                "value": "WBEM_ESS_OPEN_FOR_BUSINESS"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000029c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x1b6c1021790"
              },
              {
                "name": "DesiredAccess",
                "value": "0xc0100080",
                "pretty_value": "GENERIC_READ|GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 9,
            "id": 153
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a4243ca0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09988b0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4240"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              },
              {
                "name": "Module",
                "value": "NCObjAPI.DLL"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1b9",
            "parentcaller": "0x7ff712feb518",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x000002a4",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff9a4243ca0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09988b0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "4240"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2ba0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2ba0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c099a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c099b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2ba2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c099c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c099d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-30 02:26:32,711",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2ba3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2ba6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c099f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fec1ff",
            "parentcaller": "0x7ff712feb518",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c2bab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "4240",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "4240",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a4243ca0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09988b0"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "4240",
            "caller": "0x7ff9a846170f",
            "parentcaller": "0x7ff9a4243cd8",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002b0"
              },
              {
                "name": "EventName",
                "value": "EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb555",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemprox"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97fc40000"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb555",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc40000"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb555",
            "parentcaller": "0x7ff712fec77a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F811-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3553",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3553",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb574",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a95f8000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb574",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a95f8000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "wmisvc.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc4e000"
              },
              {
                "name": "ModuleName",
                "value": "wbemprox.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc4e000"
              },
              {
                "name": "ModuleName",
                "value": "wbemprox.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "misc",
            "api": "GetComputerNameExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ComputerName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "misc",
            "api": "GetComputerNameExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-P54VDBR"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c0990b50"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3024"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3024",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3024",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3024",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9a977adb0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c0990b50"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3444",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3444",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c0960b50"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3444",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3444",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002d8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3444",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 193
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "3100",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c0960b50"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000032A-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000149-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000339-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wbemsvc"
              },
              {
                "name": "DllBase",
                "value": "0x7ff97fc20000"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wbemsvc.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc20000"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8BC3F05E-D86B-11D0-A075-00C04FB68820"
              },
              {
                "name": "ClsContext",
                "value": "0x00000014",
                "pretty_value": "CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtQuerySystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-06-30 02:26:32,727",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "misc",
            "api": "GetComputerNameExW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-P54VDBR"
              }
            ],
            "repeated": 1,
            "id": 216
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8430000"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a8430000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-l1-2-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-obsolete-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff9a8430000"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff9a8430000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-localization-obsolete-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "GetThreadPreferredUILanguages"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a849f9a0"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadPreferredUILanguages"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a84485b0"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a8499e80"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a844ebd0"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a84497f0"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9a8430000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemDefaultLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9a84af0c0"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Microsoft WBEM (non)Standard Marshaling for IWbemServices"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 255
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Microsoft WBEM (non)Standard Marshaling for IWbemServices"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 275
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002fc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000002fc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002f8"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-06-30 02:26:32,742",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002fc"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\fastprox.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99dc10000"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x7ff99dc10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00002008"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "FastProx.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99dc10000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99dc390e0"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "FastProx.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99dc10000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetActivationFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "FastProx.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff99dc10000"
              },
              {
                "name": "FunctionName",
                "value": "DllCanUnloadNow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff99dc39030"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aa9f93b0"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa8f9b0"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32450"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa6f950"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4cb70"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa53330"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:2492:304:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000300"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002f8"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712feb5bc",
            "parentcaller": "0x7ff712fec77a",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99dd18000"
              },
              {
                "name": "ModuleName",
                "value": "FastProx.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99dd18000"
              },
              {
                "name": "ModuleName",
                "value": "FastProx.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc31000"
              },
              {
                "name": "ModuleName",
                "value": "wbemsvc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-06-30 02:26:32,758",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff97fc31000"
              },
              {
                "name": "ModuleName",
                "value": "wbemsvc.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\WBEM\\CIMOM"
              },
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM\\CIMOM"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              },
              {
                "name": "ValueName",
                "value": "EnableObjectValidation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\EnableObjectValidation"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedafb",
            "parentcaller": "0x7ff712feb615",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002fc"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedc61",
            "parentcaller": "0x7ff712fedb18",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClearAfter"
              },
              {
                "name": "Value",
                "value": "00000000000030.000000:000"
              },
              {
                "name": "Class",
                "value": "__ObjectProviderCacheControl"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedb93",
            "parentcaller": "0x7ff712feb615",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fedc61",
            "parentcaller": "0x7ff712fedbb0",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClearAfter"
              },
              {
                "name": "Value",
                "value": "00000000000030.000000:000"
              },
              {
                "name": "Class",
                "value": "__EventProviderCacheControl"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fe1167",
            "parentcaller": "0x7ff712feb67e",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fe1383",
            "parentcaller": "0x7ff712fe117a",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ThreadsPerHost"
              },
              {
                "name": "Value",
                "value": "256"
              },
              {
                "name": "Class",
                "value": "__ProviderHostQuotaConfiguration"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fe13fc",
            "parentcaller": "0x7ff712fe117a",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "HandlesPerHost"
              },
              {
                "name": "Value",
                "value": "4096"
              },
              {
                "name": "Class",
                "value": "__ProviderHostQuotaConfiguration"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fe1471",
            "parentcaller": "0x7ff712fe117a",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ProcessLimitAllHosts"
              },
              {
                "name": "Value",
                "value": "32"
              },
              {
                "name": "Class",
                "value": "__ProviderHostQuotaConfiguration"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712feb1d8",
            "parentcaller": "0x7ff712feb33c",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000030c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7ff712feb120"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09b8c90"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2816"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              },
              {
                "name": "Module",
                "value": "wmiprvse.exe"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712feb1d8",
            "parentcaller": "0x7ff712feb33c",
            "category": "threading",
            "api": "CreateRemoteThreadEx",
            "status": true,
            "return": "0x0000030c",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartRoutine",
                "value": "0x7ff712feb120"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09b8c90"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2816"
              },
              {
                "name": "ProcessId",
                "value": "2492"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712feb350",
            "parentcaller": "0x7ff712feb763",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000304"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "2816",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "2816",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff712feb120"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c09b8c90"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "2816",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3277",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "2816",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff3277",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}"
              },
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000328"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000328"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000328"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Microsoft WMI Provider Subsystem Host"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000328"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000328"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000328"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000328"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000328"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000328"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xbf\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xbd\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00F\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\xeb\\x1c\\xc9\\x11\\x9f\\xe8\\x08\\x00+\\x10H`\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "(8\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00ZU\\xb4?1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xf0\\xe9\\xd2*\\x0e\\x00\\x00\\x00\\xe8\\xe9\\xd2*\\x0e\\x00\\x00\\x00\\xb8\\xe9\\xd2*\\x0e\\x00\\x00\\x00\\xd8\\xe9\\xd2*"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xe7\\xd2*\\x0e\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "x\\xbf\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xbe\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "h<\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfai\\xb4?1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xe6\\xd2*\\x0e\\x00\\x00\\x00H\\xe6\\xd2*\\x0e\\x00\\x00\\x00\\x18\\xe6\\xd2*\\x0e\\x00\\x00\\x008\\xe6\\xd2*"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xe4\\xd2*\\x0e\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fea124",
            "parentcaller": "0x7ff712feb77b",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff31a4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "1536",
            "caller": "0x7ff712fef292",
            "parentcaller": "0x7ff712ff31a4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff71304c000"
              },
              {
                "name": "ModuleName",
                "value": "wmiprvse.exe"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\tI\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x10\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000338-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9bff351",
            "parentcaller": "0x7ff9a9bfd90f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a9bff42f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa69b6e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xc0\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xbe\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8;\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xca\\x0bY>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00`\\xc8?+\\x0e\\x00\\x00\\x00X\\xc8?+\\x0e\\x00\\x00\\x00(\\xc8?+\\x0e\\x00\\x00\\x00H\\xc8?+"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00H\\xc6?+\\x0e\\x00\\x00\\x00(\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa2953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xb6\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xba\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08=\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00j\\x08Y>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xc0\\xc4?+\\x0e\\x00\\x00\\x00\\xb8\\xc4?+\\x0e\\x00\\x00\\x00\\x88\\xc4?+\\x0e\\x00\\x00\\x00\\xa8\\xc4?+"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xa2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xa8\\xc2?+\\x0e\\x00\\x00\\x00(\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000328"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000032c"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9bff351",
            "parentcaller": "0x7ff9a9bfd90f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000032c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a9bff42f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa69b6e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xb8\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb5\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x886\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfa\\x7fY>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xd4?+\\x0e\\x00\\x00\\x00H\\xd4?+\\x0e\\x00\\x00\\x00\\x18\\xd4?+\\x0e\\x00\\x00\\x008\\xd4?+"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xd2?+\\x0e\\x00\\x00\\x000\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa2953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xb7\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xbc\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc85\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\x1a|Y>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xb0\\xd0?+\\x0e\\x00\\x00\\x00\\xa8\\xd0?+\\x0e\\x00\\x00\\x00x\\xd0?+\\x0e\\x00\\x00\\x00\\x98\\xd0?+"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xce?+\\x0e\\x00\\x00\\x000\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}"
              },
              {
                "name": "Handle",
                "value": "0x00000330"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000330"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a9bff351",
            "parentcaller": "0x7ff9a9bfd90f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000330"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a9bff42f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa69b6e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xb8\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xbb\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88;\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfa\\x7fY>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xd4?+\\x0e\\x00\\x00\\x00H\\xd4?+\\x0e\\x00\\x00\\x00\\x18\\xd4?+\\x0e\\x00\\x00\\x008\\xd4?+"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xd2?+\\x0e\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa2953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xc2\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xbe\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe88\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\x1a|Y>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xb0\\xd0?+\\x0e\\x00\\x00\\x00\\xa8\\xd0?+\\x0e\\x00\\x00\\x00x\\xd0?+\\x0e\\x00\\x00\\x00\\x98\\xd0?+"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x98\\xce?+\\x0e\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000330"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000032c"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3100",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a9c24a33",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000338"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-06-30 02:26:32,773",
            "thread_id": "3100",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": ".I\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00+I\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "7I\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x004I\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000340"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9bff351",
            "parentcaller": "0x7ff9a9bfd90f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a9bff42f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa69b6e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xc0\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xbc\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc85\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00Z\n!>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xf0\\xc6G+\\x0e\\x00\\x00\\x00\\xe8\\xc6G+\\x0e\\x00\\x00\\x00\\xb8\\xc6G+\\x0e\\x00\\x00\\x00\\xd8\\xc6G+"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xc4G+\\x0e\\x00\\x00\\x00@\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa2953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc1\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xb5\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x086\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfa\\x0e!>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xc3G+\\x0e\\x00\\x00\\x00H\\xc3G+\\x0e\\x00\\x00\\x00\\x18\\xc3G+\\x0e\\x00\\x00\\x008\\xc3G+"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xc1G+\\x0e\\x00\\x00\\x00@\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a97092aa",
            "parentcaller": "0x7ff9a97090af",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}"
              },
              {
                "name": "Handle",
                "value": "0x00000340"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768313",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000340"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a976834e",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768377",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9768388",
            "parentcaller": "0x7ff9a96e293b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa33f6a",
            "parentcaller": "0x7ff9a9bff557",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a9bff351",
            "parentcaller": "0x7ff9a9bfd90f",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000340"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a846b0fb",
            "parentcaller": "0x7ff9a9bff42f",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa69b6e",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xb7\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00W\\x00M\\x00I\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00 \\x00S\\x00u\\x00b\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x00 \\x00H\\x00o\\x00s\\x00t\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xb4\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x086\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00Zs!>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00\\xf0\\xcfG+\\x0e\\x00\\x00\\x00\\xe8\\xcfG+\\x0e\\x00\\x00\\x00\\xb8\\xcfG+\\x0e\\x00\\x00\\x00\\xd8\\xcfG+"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\x8d\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\xd8\\xcdG+\\x0e\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa28cde",
            "parentcaller": "0x7ff9aaa2953a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4.\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00-\\xf3\\x1c\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56d66",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xbc\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56dbb",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xb5\\x9b\\xc0\\xb6\\x01\\x00\\x00`\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56de0",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e2e",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x889\\x9b\\xc0\\xb6\\x01\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56e57",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56eaf",
            "parentcaller": "0x7ff9aaa28d8f",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "h%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x02\\x00d\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x04\\x00\\x00\\x00\\x00\\x00(\\x00\\x00\\x00\\x00\\x10\\x01\\x06\\x00\\x00\\x00\\x00\\x00\\x05P\\x00\\x00\\x00Z\\x04\\x8d\\xdf\\xf9\\xc7C\n\\xb4P\\xd4\\xe7Gz!r\\xabAp\\xf4\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f68",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xa1\\xdb\\x87\\xf9\\x7f\\x00\\x00\\xfbR\\xb3\\x87\\xf9\\x7f\\x00\\x00\\xfaw!>1o\\x00\\x00\\x88\\xa1\\xd7\\x87\\xf9\\x7f\\x00\\x00P\\xccG+\\x0e\\x00\\x00\\x00H\\xccG+\\x0e\\x00\\x00\\x00\\x18\\xccG+\\x0e\\x00\\x00\\x008\\xccG+"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aaa56f9b",
            "parentcaller": "0x7ff9aaa56ec8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00`%\\x9c\\xc0\\xb6\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x99\\xdb\\xb4\\x87\\xf9\\x7f\\x00\\x00#\\x00\\x00\\xc0\\x00\\x00\\x00\\x008\\xcaG+\\x0e\\x00\\x00\\x00<\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9a\\x00\\xc0j\\xf9\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00V\\xf6\\xd7\\x87"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4a7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a9bff4c9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\wbem\\wmiutils"
              },
              {
                "name": "DllBase",
                "value": "0x7ff99e310000"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wbem\\wmiutils.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x7ff99e310000"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9aa9fe715",
            "parentcaller": "0x7ff9aa9fe37b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-06-30 02:26:32,789",
            "thread_id": "3100",
            "caller": "0x7ff9a84801fc",
            "parentcaller": "0x7ff9a96d879f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000330"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3100",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8aI\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x87I\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3100",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90I\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xb8\\x0f\\x00\\x00'\\x00\\x00\\x00\\x1c\\x00\\x00\\x00<.\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe1cb2",
            "parentcaller": "0x7ff712fe1a68",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000344"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "2408",
            "caller": "0x7ff9aaa64f9d",
            "parentcaller": "0x7ff9aaa64b63",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "2408",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x7ff9aaa42ad0"
              },
              {
                "name": "Parameter",
                "value": "0x1b6c0960b50"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe1cb2",
            "parentcaller": "0x7ff712fe1a68",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe26d3",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Version"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2765",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Name"
              },
              {
                "name": "Value",
                "value": "InvProv"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2810",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Enabled"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe28a2",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "CLSID"
              },
              {
                "name": "Value",
                "value": "{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4c69",
            "parentcaller": "0x7ff712fe3a32",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3d53",
            "parentcaller": "0x7ff712fe3c9f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3e6b",
            "parentcaller": "0x7ff712fe3cb2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3a94",
            "parentcaller": "0x7ff712fe28ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2958",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClientLoadableCLSID"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe29ee",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "DefaultMachineName"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2a86",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "UnloadTimeout"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2b25",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ImpersonationLevel"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2bbd",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsSendStatus"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2c4f",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsShutdown"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2cde",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsQuotas"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2d6d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "OperationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e05",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e9d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsThrottling"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2f2c",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": false,
            "return": "0xffffffff80041002",
            "arguments": [
              {
                "name": "Name",
                "value": "ConcurrentIndependantRequests"
              },
              {
                "name": "Value",
                "value": "Unhandled VARIANT Type: 0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe2fa6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationReentrancy"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3036",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializeAsAdminFirst"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe30c5",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerUserInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3154",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerLocaleInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe31e6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Pure"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe327a",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "HostingModel"
              },
              {
                "name": "Value",
                "value": "LocalSystemHost"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe3348",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SecurityDescriptor"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{027947E1-D731-11CE-A357-000000000001}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 604
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TreatAs"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "ActivateOnHostFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "InprocServer32"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\wbem\\fastprox.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 1,
            "id": 624
          },
          {
            "timestamp": "2026-06-30 02:26:32,805",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": "ThreadingModel"
              },
              {
                "name": "Data",
                "value": "Both"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "InprocHandler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "ValueName",
                "value": "AppID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000033c"
              },
              {
                "name": "KeyInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "LocalServer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000250"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000034c"
              },
              {
                "name": "SubKey",
                "value": "Elevation"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "TreatAs"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x00000350"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000350"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000350"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              },
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000033c"
              },
              {
                "name": "SubKey",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "{7C857801-7381-11CF-884D-00AA004B2E24}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000034c"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe1d75",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsPut"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe1dfb",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsGet"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe1e86",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsDelete"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f0c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsEnumeration"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f97",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsBatching"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe201c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsTransactions"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe20a1",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "QuerySupportLevels"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe212a",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InteractionType"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe56cb",
            "parentcaller": "0x7ff712fe5514",
            "category": "com",
            "api": "CoGetClassObject",
            "status": false,
            "return": "0xffffffff80040154",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa32e70"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventUnregister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa40380"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventWrite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa3f1a0"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventActivityIdControl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa4b690"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventWriteTransfer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa3f1e0"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x7ff9aa9f0000"
              },
              {
                "name": "FunctionName",
                "value": "EtwEventEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7ff9aaa40d00"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff712fe5a00",
            "parentcaller": "0x7ff712fe1b65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "xJ\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00qJ\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-06-30 02:26:32,820",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc7J\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xc2J\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1cb2",
            "parentcaller": "0x7ff712fe1a68",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe26d3",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Version"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2765",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Name"
              },
              {
                "name": "Value",
                "value": "InvProv"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2810",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Enabled"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe28a2",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "CLSID"
              },
              {
                "name": "Value",
                "value": "{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3d53",
            "parentcaller": "0x7ff712fe3c9f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3e6b",
            "parentcaller": "0x7ff712fe3cb2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3a94",
            "parentcaller": "0x7ff712fe28ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2958",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClientLoadableCLSID"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe29ee",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "DefaultMachineName"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2a86",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "UnloadTimeout"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2b25",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ImpersonationLevel"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2bbd",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsSendStatus"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2c4f",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsShutdown"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2cde",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsQuotas"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2d6d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "OperationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e05",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e9d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsThrottling"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2f2c",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": false,
            "return": "0xffffffff80041002",
            "arguments": [
              {
                "name": "Name",
                "value": "ConcurrentIndependantRequests"
              },
              {
                "name": "Value",
                "value": "Unhandled VARIANT Type: 0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe2fa6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationReentrancy"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3036",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializeAsAdminFirst"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe30c5",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerUserInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3154",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerLocaleInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe31e6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Pure"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe327a",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "HostingModel"
              },
              {
                "name": "Value",
                "value": "LocalSystemHost"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe3348",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SecurityDescriptor"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe4ef3",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b6c09d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1d75",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsPut"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1dfb",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsGet"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1e86",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsDelete"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f0c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsEnumeration"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f97",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsBatching"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe201c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsTransactions"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe20a1",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "QuerySupportLevels"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe212a",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InteractionType"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff712fe56cb",
            "parentcaller": "0x7ff712fe5514",
            "category": "com",
            "api": "CoGetClassObject",
            "status": false,
            "return": "0xffffffff80040154",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x82K\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x7fK\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-06-30 02:26:32,836",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe1K\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xdcK\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xeaK\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xb8\\x0f\\x00\\x00'\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xbeJ\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1cb2",
            "parentcaller": "0x7ff712fe1a68",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe26d3",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Version"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2765",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Name"
              },
              {
                "name": "Value",
                "value": "InvProv"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2810",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Enabled"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe28a2",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "CLSID"
              },
              {
                "name": "Value",
                "value": "{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3d53",
            "parentcaller": "0x7ff712fe3c9f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3e6b",
            "parentcaller": "0x7ff712fe3cb2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3a94",
            "parentcaller": "0x7ff712fe28ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2958",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClientLoadableCLSID"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe29ee",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "DefaultMachineName"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2a86",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "UnloadTimeout"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2b25",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ImpersonationLevel"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2bbd",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsSendStatus"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2c4f",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsShutdown"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2cde",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsQuotas"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2d6d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "OperationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e05",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e9d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsThrottling"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2f2c",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": false,
            "return": "0xffffffff80041002",
            "arguments": [
              {
                "name": "Name",
                "value": "ConcurrentIndependantRequests"
              },
              {
                "name": "Value",
                "value": "Unhandled VARIANT Type: 0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe2fa6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationReentrancy"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3036",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializeAsAdminFirst"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe30c5",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerUserInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3154",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerLocaleInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe31e6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Pure"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe327a",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "HostingModel"
              },
              {
                "name": "Value",
                "value": "LocalSystemHost"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe3348",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SecurityDescriptor"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1d75",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsPut"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1dfb",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsGet"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1e86",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsDelete"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f0c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsEnumeration"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f97",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsBatching"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe201c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsTransactions"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe20a1",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "QuerySupportLevels"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe212a",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InteractionType"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff712fe56cb",
            "parentcaller": "0x7ff712fe5514",
            "category": "com",
            "api": "CoGetClassObject",
            "status": false,
            "return": "0xffffffff80040154",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdeL\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xdbL\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000354"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff9a8451a8e",
            "parentcaller": "0x7ff9a9766a91",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-06-30 02:26:32,852",
            "thread_id": "3444",
            "caller": "0x7ff99dc3b02d",
            "parentcaller": "0x7ff99dc3a607",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fef038",
            "parentcaller": "0x00000000",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3BC15AF2-736C-477E-9E51-238AF8667DCC"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x12M\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x90\\x0f\\x00\\x00\\x0b\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x0fM\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a96da750",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\x17M\\x1e\\x00\\x00\\x00\\x00\\x00\\xe7\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x90\\xebL\\xb6&u \\x06\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\xb8\\x0f\\x00\\x00'\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\xd4K\\x1e\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a845a3c5",
            "parentcaller": "0x7ff9a96da6fa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000358"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a845ac4b",
            "parentcaller": "0x7ff9a97384fa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff9a96e6f09",
            "parentcaller": "0x7ff9a976771d",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "674B6698-EE92-11D0-AD71-00C04FD8FDFF"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1cb2",
            "parentcaller": "0x7ff712fe1a68",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "4590F812-1D3A-11D0-891F-00AA004B2E24"
              },
              {
                "name": "ClsContext",
                "value": "0x00000403",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "00000003-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe26d3",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Version"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2765",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Name"
              },
              {
                "name": "Value",
                "value": "InvProv"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2810",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Enabled"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe28a2",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "CLSID"
              },
              {
                "name": "Value",
                "value": "{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712fe3c3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe4112",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe41aa",
            "parentcaller": "0x7ff712ff68a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3d53",
            "parentcaller": "0x7ff712fe3c9f",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3e6b",
            "parentcaller": "0x7ff712fe3cb2",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3a94",
            "parentcaller": "0x7ff712fe28ef",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2958",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ClientLoadableCLSID"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe29ee",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "DefaultMachineName"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2a86",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "UnloadTimeout"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2b25",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "ImpersonationLevel"
              },
              {
                "name": "Value",
                "value": "1"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2bbd",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsSendStatus"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2c4f",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsShutdown"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2cde",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsQuotas"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2d6d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "OperationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e05",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationTimeoutInterval"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2e9d",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsThrottling"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2f2c",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": false,
            "return": "0xffffffff80041002",
            "arguments": [
              {
                "name": "Name",
                "value": "ConcurrentIndependantRequests"
              },
              {
                "name": "Value",
                "value": "Unhandled VARIANT Type: 0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe2fa6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializationReentrancy"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3036",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InitializeAsAdminFirst"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe30c5",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerUserInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3154",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "PerLocaleInitialization"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe31e6",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Pure"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe327a",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "HostingModel"
              },
              {
                "name": "Value",
                "value": "LocalSystemHost"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe3348",
            "parentcaller": "0x7ff712fe1cca",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SecurityDescriptor"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__Win32Provider"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe4e98",
            "parentcaller": "0x7ff712fe1ab3",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "E7D35CFA-348B-485E-B524-252725D697CA"
              },
              {
                "name": "ClsContext",
                "value": "0x80000001",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_PS_DLL"
              },
              {
                "name": "riid",
                "value": "D5F569D0-593B-101A-B569-08002B2DBF7A"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1d75",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsPut"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1dfb",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsGet"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1e86",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsDelete"
              },
              {
                "name": "Value",
                "value": "FALSE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f0c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsEnumeration"
              },
              {
                "name": "Value",
                "value": "TRUE"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe1f97",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsBatching"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe201c",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "SupportsTransactions"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe20a1",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "QuerySupportLevels"
              },
              {
                "name": "Value",
                "value": "NULL"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe212a",
            "parentcaller": "0x7ff712fe5043",
            "category": "system",
            "api": "WMI_Get",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "InteractionType"
              },
              {
                "name": "Value",
                "value": "0"
              },
              {
                "name": "Class",
                "value": "__InstanceProviderRegistration"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-06-30 02:26:32,867",
            "thread_id": "3444",
            "caller": "0x7ff712fe56cb",
            "parentcaller": "0x7ff712fe5514",
            "category": "com",
            "api": "CoGetClassObject",
            "status": false,
            "return": "0xffffffff80040154",
            "arguments": [
              {
                "name": "rclsid",
                "value": "F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 851
          }
        ],
        "threads": [
          "1536",
          "2688",
          "1436",
          "2804",
          "4928",
          "4240",
          "3024",
          "3444",
          "3100",
          "2816",
          "2408"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff712fe0000",
          "MainExeSize": "0x0007e000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "cmd.exe",
        "pid": 3864,
        "parent_id": 2892,
        "module_path": "C:\\Windows\\System32\\cmd.exe",
        "children": [
          {
            "name": "mspaint.exe",
            "pid": 4504,
            "parent_id": 3864,
            "module_path": "C:\\Windows\\System32\\mspaint.exe",
            "children": [],
            "threads": [
              "336",
              "2184",
              "2832",
              "2076",
              "1348",
              "4168",
              "3932",
              "3680",
              "4776",
              "4516",
              "280"
            ],
            "environ": {
              "UserName": "Rajesh",
              "ComputerName": "DESKTOP-P54VDBR",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
              "CommandLine": "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "1c64-b66f",
              "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff700fe0000",
              "MainExeSize": "0x000f9000",
              "Bitness": "64-bit"
            }
          }
        ],
        "threads": [
          "2716",
          "4512",
          "4812",
          "4284",
          "1944",
          "960",
          "3892",
          "4196",
          "4108"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff79a450000",
          "MainExeSize": "0x00067000",
          "Bitness": "64-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 756,
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [
          {
            "name": "WmiPrvSE.exe",
            "pid": 2492,
            "parent_id": 756,
            "module_path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
            "children": [],
            "threads": [
              "1536",
              "2688",
              "1436",
              "2804",
              "4928",
              "4240",
              "3024",
              "3444",
              "3100",
              "2816",
              "2408"
            ],
            "environ": {
              "UserName": "SYSTEM",
              "ComputerName": "DESKTOP-P54VDBR",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Windows\\TEMP\\",
              "CommandLine": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "1c64-b66f",
              "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
              "MachineGUID": "",
              "MainExeBase": "0x7ff712fe0000",
              "MainExeSize": "0x0007e000",
              "Bitness": "64-bit"
            }
          }
        ],
        "threads": [
          "3624",
          "1176"
        ],
        "environ": {
          "UserName": "SYSTEM",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff69d480000",
          "MainExeSize": "0x00011000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp",
        "C:\\Users",
        "C:\\Users\\Rajesh",
        "C:\\Users\\Rajesh\\AppData",
        "C:\\Users\\Rajesh\\AppData\\Local",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "\\Device\\CNG",
        "\\Device\\DeviceApi\\CMApi",
        "\\??\\MountPointManager",
        "\\??\\PhysicalDrive0",
        "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
        "C:\\Windows\\WindowsShell.Manifest",
        "C:\\Windows\\System32\\C_1256.NLS",
        "C:\\Windows\\System32\\msctf.dll",
        "C:\\Windows\\System32\\C_1251.NLS",
        "C:\\Windows\\System32\\C_1254.NLS",
        "C:\\Windows\\System32\\C_1250.NLS",
        "C:\\Windows\\System32\\C_1253.NLS",
        "C:\\",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\System32\\en-US\\UIRibbon.dll.mui",
        "C:\\Windows\\System32\\dwmapi.dll",
        "C:\\Windows\\Fonts\\staticcache.dat",
        "C:\\Windows\\System32\\TextShaping.dll",
        "C:\\Windows\\System32\\en-US\\tzres.dll.mui",
        "C:\\Windows\\System32\\cfgmgr32.dll",
        "\\??\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
        "\\??\\STORAGE#Volume#{1c192ddb-7371-11f1-9cd4-806e6f6e6963}#00000008E0100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db",
        "C:\\Users\\desktop.ini",
        "C:\\Users\\Rajesh\\Desktop\\desktop.ini",
        "C:\\Windows\\System32\\profapi.dll",
        "C:\\Users\\Rajesh\\Documents\\desktop.ini",
        "C:\\Users\\Rajesh\\Music\\desktop.ini",
        "C:\\Users\\Rajesh\\Pictures\\desktop.ini",
        "C:\\Users\\Rajesh\\Videos\\desktop.ini",
        "C:\\Users\\Rajesh\\Downloads\\desktop.ini",
        "C:\\Users\\Rajesh\\Searches\\desktop.ini",
        "C:\\Users\\Rajesh\\Contacts\\desktop.ini",
        "C:\\Users\\Rajesh\\Favorites\\desktop.ini",
        "C:\\Users\\Rajesh\\Links\\desktop.ini",
        "C:\\Users\\Rajesh\\Saved Games\\desktop.ini",
        "C:\\Windows\\System32\\uxtheme.dll.Config",
        "C:\\Windows\\System32\\uxtheme.dll",
        "C:\\Windows\\System32\\textinputframework.dll",
        "C:\\Windows\\System32\\CoreUIComponents.dll",
        "C:\\Windows\\System32\\CoreMessaging.dll",
        "C:\\Windows\\System32\\ntmarta.dll",
        "C:\\Windows\\win.ini",
        "C:\\Windows\\System32\\mapi32.dll",
        "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
      ],
      "read_files": [],
      "write_files": [
        "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
      ],
      "delete_files": [],
      "keys": [
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\Diagnosis",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\af-ZA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\af-ZA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\am-ET",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\am-ET",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1256",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-BH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-BH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-DZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-DZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-EG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-EG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-IQ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-IQ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-JO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-JO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-KW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-KW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-MA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-MA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-OM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-OM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-QA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-QA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-TN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-TN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-YE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-YE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\arn-CL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\arn-CL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\as-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\as-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Cyrl-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Cyrl-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1251",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Latn-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Latn-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1254",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ba-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ba-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\be-BY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\be-BY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bg-BG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bg-BG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bin-NG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bin-NG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-BD",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-BD",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bo-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bo-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\br-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\br-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Cyrl-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Cyrl-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Latn-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Latn-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1250",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES-valencia",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES-valencia",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\chr-Cher-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\chr-Cher-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\co-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\co-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cy-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cy-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-AT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-AT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-CH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-CH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dsb-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dsb-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dv-MV",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dv-MV",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dz-BT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dz-BT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1253",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-029",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-029",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-BZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-BZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-ID",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-ID",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-JM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-JM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-MY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-MY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-NZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-NZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-PH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-PH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-TT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-TT",
        "HKEY_CURRENT_USER\\software",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File4",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File5",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File6",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File7",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File8",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File9",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings\\PreviewPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\NoStretching",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowThumbnail",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowAllFiles",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPWidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPHeight",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\WindowPlacement",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbXPos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbYPos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbWidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbHeight",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\UnitSetting",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowRulers",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowGrid",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowStatusBar",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\ShowTextTool",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PointSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Bold",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Underline",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Italic",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Strikeout",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionX",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionY",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumDistance",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumDistance",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumTime",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumTime",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\CharSet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TextPen",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\SnapToGrid",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\GridExtent",
        "HKEY_CURRENT_USER\\Software",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\CustomAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\XAML",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\mspaint.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{C50898F6-C536-5F47-8583-8B2C2438A13B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler32",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\StiSvc",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\mspaint.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems",
        "HKEY_CLASSES_ROOT\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
        "HKEY_CLASSES_ROOT\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Formats",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
        "HKEY_CLASSES_ROOT\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Formats",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
        "HKEY_CLASSES_ROOT\\CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{699745C2-5066-4B82-A8E3-D40478DBEC8C}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{43324B33-A78F-480F-9111-9638AACCC832}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DDE33513-774E-4BCD-AE79-02F4ADFE62FC}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA7E3C50-864C-4604-BC04-8B0B76E637F6}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8F914656-9D0A-4EB2-9019-0BF96D8A9EE6}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50D42F09-ECD1-4B41-B65D-DA1FDAA75663}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D9403860-297F-4A49-BF9B-77898150A442}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{3697790B-223B-484E-9925-C4869218F17A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3697790B-223B-484E-9925-C4869218F17A}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B5C8B898-0074-459F-B700-860D4651EA14}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03012959-F4F6-44D7-9D09-DAA087A9DB57}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D4DCD3D7-B4C2-47D9-A6BF-B89BA396A4A3}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0010668C-0801-4DA6-A4A4-826522B6D28F}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5805137A-E348-4F7C-B3CC-6DB9965A0599}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{02805F1E-D5AA-415B-82C5-61C033A988A6}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4B59AFCC-B8C3-408A-B670-89E5FAB6FDA7}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41070793-59E4-479A-A1F7-954ADC2EF5FC}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B92E345D-F52D-41F3-B562-081BC772E3B9}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7447A267-0015-42C8-A8F1-FB3B94C68361}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1767B93A-B021-44EA-920F-863C11F4F768}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9F66347C-60C4-4C4D-AB58-D2358685F607}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{50B1904B-F28F-4574-93F4-0BADE82C69E9}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{356F2F88-05A6-4728-B9A4-1BFBCE04D838}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{32557D3B-69DC-4F95-836E-F5972B2F6159}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3692CA39-E082-4350-9E1F-3704CB083CD5}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0CE7A4A6-03E8-4A60-9D15-282EF32EE7DA}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{AABFB2FA-3E1E-4A8F-8977-5556FB94EA23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AABFB2FA-3E1E-4A8f-8977-5556FB94EA23}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F90B5F36-367B-402A-9DD1-BC0FD59D8F62}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{877A0BB7-A313-4491-87B5-2E6D0594F520}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F5D3E63B-CB0F-4628-A478-6D8244BE36B1}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FB40360C-547E-4956-A3B9-D4418859BA66}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D94EDF02-EFE5-4F0D-85C8-F5A68B3000B1}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{276C88CA-7533-4A86-B676-66B36080D484}\\Containers",
        "HKEY_CLASSES_ROOT\\CLSID\\{ACDDFC3F-85EC-41BC-BDEF-1BC262E4DB05}",
        "HKEY_CLASSES_ROOT\\CLSID\\{2438DE3D-94D9-4BE8-84A8-4DE95A575E75}",
        "HKEY_CLASSES_ROOT\\CLSID\\{076F9911-A348-465C-A807-A252F3F2D3DE}",
        "HKEY_CLASSES_ROOT\\CLSID\\{85A10B03-C9F6-439F-BE5E-C0FBEF67807C}",
        "HKEY_CLASSES_ROOT\\CLSID\\{05AF94D8-7174-4CD2-BE4A-4124B80EE4B8}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaximumAllowedAllocationSize",
        "HKEY_CLASSES_ROOT\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Namespaces",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\mspaint.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_CLASSES_ROOT\\Directory",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
        "HKEY_CLASSES_ROOT\\Folder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
        "HKEY_CLASSES_ROOT\\AllFilesystemObjects",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PropertyBag",
        "HKEY_CLASSES_ROOT\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_CLASSES_ROOT\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\WCOSEnumerationBaselineAllowedlist",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AllowedEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4FFE-A368-0DE96E47012E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4BD9-94B0-29233477B6C3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\fdeploy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4AF4-A7EB-4E7A138D8174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4C59-B6A2-414586476AEA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4A90-BBA9-27CBC0C5389A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4900540-2379-4C75-844B-64E6FAF8716B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4E48-96A1-3F6217F21990}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464B-ABE8-61C8648D939B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482AF6C-08F1-4C34-8C90-E17EC98B1E17}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BCB5256F-79F6-4CEE-B725-DC34E402FD46}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE61D971-5EBC-4F02-A3A9-6C82895E5C04}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7BEDE81-DF94-4682-A7D8-57A52620B86F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4EAB-965A-69829D1FB59F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1E87508D-89C2-42F0-8A7E-645A0F50CA58}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{859EAD94-2E85-48AD-A71A-0969CB56A6CD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A305CE99-F527-492B-8B1A-7E76FA98D6E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4E80-94BC-9912D7504104}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4F11-9E78-5F7800F2E772}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49A9-B74D-02885A5DC765}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4B87-BFD0-4CD0DFB19B39}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DF7266AC-9274-4867-8D55-3BD661DE872D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337D1-B8CA-4121-A639-6D472D16972A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4FDB-9148-0F4247291CFA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4BDA-8FD7-F78DCA774F87}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PropertyBag",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
        "HKEY_CURRENT_USER\\Software\\Classes\\DelegateFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\UsersFiles\\NameSpace\\DelegateFolders",
        "HKEY_CLASSES_ROOT\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.jpg",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg\\(Default)",
        "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\OverrideFileSystemProperties",
        "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\DisableProcessIsolation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\NoOplock",
        "HKEY_CLASSES_ROOT\\ExplorerCLSIDFlags\\{A38B883C-1682-497E-97B0-0A3A9E801682}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseInProcHandlerCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseOutOfProcHandlerCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{A38B883C-1682-497E-97B0-0A3A9E801682}",
        "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\Instance",
        "HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\EnableShareDenyNone",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DisableFCM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Accent",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\PersonalColors_Background",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\NoChangingStartMenuBackground",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WBEM\\CIMOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\Sink Transmit Buffer Size",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Cimom",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\DefaultRpcStackSize",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_LOCAL_MACHINE\\Software\\Classes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\wmiprvse.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\EnableObjectValidation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32\\(Default)",
        "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\InProcServer32",
        "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}\\LocalServer32",
        "HKEY_CLASSES_ROOT\\CLSID\\{F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\LocalServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Elevation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Data",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\af-ZA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\af-ZA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\am-ET",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\am-ET",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1256",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-BH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-BH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-DZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-DZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-EG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-EG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-IQ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-IQ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-JO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-JO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-KW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-KW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-MA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-MA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-OM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-OM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-QA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-QA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-TN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-TN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-YE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-YE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\arn-CL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\arn-CL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\as-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\as-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Cyrl-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Cyrl-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1251",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Latn-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Latn-AZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1254",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ba-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ba-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\be-BY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\be-BY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bg-BG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bg-BG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bin-NG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bin-NG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-BD",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-BD",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bo-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bo-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\br-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\br-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Cyrl-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Cyrl-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Latn-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Latn-BA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1250",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES-valencia",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES-valencia",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\chr-Cher-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\chr-Cher-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\co-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\co-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cy-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cy-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-AT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-AT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-CH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-CH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dsb-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dsb-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dv-MV",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dv-MV",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dz-BT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dz-BT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1253",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-029",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-029",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-BZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-BZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-GB",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-ID",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-ID",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-JM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-JM",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-MY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-MY",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-NZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-NZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-PH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-PH",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-TT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-TT",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File4",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File5",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File6",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File7",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File8",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File9",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings\\PreviewPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\NoStretching",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowThumbnail",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowAllFiles",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPWidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPHeight",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\WindowPlacement",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbXPos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbYPos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbWidth",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbHeight",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\UnitSetting",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowRulers",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowGrid",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowStatusBar",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\ShowTextTool",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PointSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Bold",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Underline",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Italic",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Strikeout",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionX",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionY",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumDistance",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumDistance",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumTime",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumTime",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\CharSet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TextPen",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\SnapToGrid",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\GridExtent",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaximumAllowedAllocationSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\FolderValueFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.jpg",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\DisableProcessIsolation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\NoOplock",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseInProcHandlerCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseOutOfProcHandlerCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\LoadWithoutCOM",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\EnableShareDenyNone",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\PersonalColors_Background",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\NoChangingStartMenuBackground",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\Sink Transmit Buffer Size",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\DefaultRpcStackSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\EnableObjectValidation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)"
      ],
      "write_keys": [],
      "delete_keys": [],
      "executed_commands": [
        "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
        "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg ",
        "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
      ],
      "resolved_apis": [
        "ntdll.dll.RtlWow64GetCurrentMachine",
        "ntdll.dll.RtlWow64IsWowGuestMachineSupported"
      ],
      "mutexes": [
        "Local\\SM0:4504:304:WilStaging_02",
        "Local\\SM0:4504:120:WilError_03",
        "Local\\MSCTF.Asm.MutexDefault2",
        "CicLoadWinStaWinSta0",
        "Local\\MSCTF.CtfMonitorInstMutexDefault2",
        "Local\\SessionImmersiveColorMutex",
        "Local\\SM0:2492:304:WilStaging_02"
      ],
      "created_services": [],
      "started_services": [
        "stisvc"
      ]
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 1,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,963",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,978",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,978",
        "eid": 8,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:16,978",
        "eid": 9,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-30 02:26:16,978",
        "eid": 10,
        "data": {
          "file": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\" "
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:16,978",
        "eid": 11,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 12,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 13,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 14,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 15,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 16,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a5b50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 17,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:16,994",
        "eid": 18,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,072",
        "eid": 19,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,088",
        "eid": 20,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa3d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,103",
        "eid": 21,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a2720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,150",
        "eid": 22,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a6230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,166",
        "eid": 23,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a6230000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 24,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 25,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 26,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 27,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 28,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xd9T\\x98P\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x008\\x00E\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,291",
        "eid": 29,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 30,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 31,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 32,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 33,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 34,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 35,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 36,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 37,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 38,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 39,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 40,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 41,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 42,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 43,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 44,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 45,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 46,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 47,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 48,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 49,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 50,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,306",
        "eid": 52,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 58,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 59,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 61,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 62,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 63,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 64,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 65,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 66,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 67,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 68,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 69,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a1300000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,322",
        "eid": 70,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,338",
        "eid": 71,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,338",
        "eid": 72,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,338",
        "eid": 73,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.UI.AppDefaults.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9903b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,338",
        "eid": 74,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,353",
        "eid": 75,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa9f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,431",
        "eid": 76,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,463",
        "eid": 77,
        "data": {
          "file": "C:\\Windows\\System32\\urlmon.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99f930000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,478",
        "eid": 78,
        "data": {
          "file": "API-MS-WIN-CORE-URL-L1-1-0.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a8430000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,494",
        "eid": 79,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a4dc0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,494",
        "eid": 80,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a4dc0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,494",
        "eid": 81,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a8a40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,494",
        "eid": 82,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa9f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,509",
        "eid": 83,
        "data": {
          "file": "C:\\Windows\\System32\\PhotoMetadataHandler.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff998e30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,525",
        "eid": 84,
        "data": {
          "file": "C:\\Windows\\System32\\SHCore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a9d30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,525",
        "eid": 85,
        "data": {
          "file": "C:\\Windows\\System32\\windowscodecs.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99cf00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,588",
        "eid": 86,
        "data": {
          "file": "PhotoMetadataHandler.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff998e30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,619",
        "eid": 87,
        "data": {
          "file": "C:\\Windows\\System32\\appresolver.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9971f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 88,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99d480000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 89,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\\ProxyStubClsid32\\(Default)",
          "content": "{95E15D0A-66E6-93D9-C53C-76E6219D3341}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 91,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 92,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 93,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 94,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 95,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,634",
        "eid": 96,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 97,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 98,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 99,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 105,
        "data": {
          "file": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99eea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 106,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:17,650",
        "eid": 117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Storage.Streams.DataWriter\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:19,791",
        "eid": 118,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa9f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:19,791",
        "eid": 119,
        "data": {
          "file": "C:\\Windows\\System32\\apphelp.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a5a30000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-30 02:26:19,806",
        "eid": 120,
        "data": {
          "file": "\"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:19,822",
        "eid": 121,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa9f0000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-30 02:26:19,838",
        "eid": 122,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:19,838",
        "eid": 123,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "start",
        "object": "service",
        "timestamp": "2026-06-30 02:26:23,643",
        "eid": 124,
        "data": {
          "service": "stisvc"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-06-30 02:26:32,503",
        "eid": 125,
        "data": {
          "file": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,057",
        "eid": 126,
        "data": {
          "file": "MSVCRT.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa910000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,057",
        "eid": 127,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,057",
        "eid": 128,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,104",
        "eid": 129,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,120",
        "eid": 130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,135",
        "eid": 131,
        "data": {
          "file": "LPK",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,135",
        "eid": 132,
        "data": {
          "file": "GDI32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,135",
        "eid": 133,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,135",
        "eid": 134,
        "data": {
          "file": "ninput.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99dda0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,135",
        "eid": 135,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,182",
        "eid": 136,
        "data": {
          "file": "gdiplus.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff990180000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,182",
        "eid": 137,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,182",
        "eid": 138,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 139,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a5b50000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 140,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 143,
        "data": {
          "file": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_91a663c8cc864906\\GdiPlus.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff990180000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 144,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,198",
        "eid": 145,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\af-ZA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\af-ZA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\am-ET",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\am-ET",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-AE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-AE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1256",
          "content": "c_1256.nls"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 153,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-BH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-BH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-DZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-DZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-EG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-EG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-IQ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-IQ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-JO",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-JO",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-KW",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-KW",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-LY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-LY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-MA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-MA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-OM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-OM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-QA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-QA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-SY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-SY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-TN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-TN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ar-YE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ar-YE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\arn-CL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\arn-CL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\as-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\as-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Cyrl-AZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Cyrl-AZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,229",
        "eid": 190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1251",
          "content": "c_1251.nls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\az-Latn-AZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\az-Latn-AZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1254",
          "content": "c_1254.nls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ba-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ba-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\be-BY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\be-BY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bg-BG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bg-BG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bin-NG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bin-NG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-BD",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-BD",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bn-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bn-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bo-CN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bo-CN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,245",
        "eid": 208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\br-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\br-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Cyrl-BA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Cyrl-BA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\bs-Latn-BA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\bs-Latn-BA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1250",
          "content": "c_1250.nls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES-valencia",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES-valencia",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\chr-Cher-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\chr-Cher-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\co-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\co-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cy-GB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cy-GB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-AT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-AT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-CH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-CH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-LU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-LU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dsb-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dsb-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dv-MV",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dv-MV",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\dz-BT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\dz-BT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\1253",
          "content": "c_1253.nls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-029",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-029",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-AU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-BZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-BZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-CA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-CA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-GB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-GB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-HK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-HK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-ID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,260",
        "eid": 263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-ID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-IN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-JM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-JM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-MY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-MY",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-NZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-NZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-PH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-PH",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-SG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-SG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-TT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-TT",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 280,
        "data": {
          "file": "MSFTEDIT.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ff98de00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 281,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,276",
        "eid": 282,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 283,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 284,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 285,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 286,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 287,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File1",
          "content": "C:\\Windows\\Web\\Wallpaper\\MeetRevision\\v2\\lockscreen.jpg"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 288,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 289,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 290,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 291,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File2",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 292,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 293,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 294,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 295,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File3",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 296,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 297,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 298,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 299,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File4",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 300,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 301,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 302,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 303,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File5",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 304,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 305,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 306,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 307,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File6",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 308,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 309,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 310,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 311,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File7",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 312,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 313,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 314,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 315,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File8",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 316,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 317,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 318,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 319,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Recent File List\\File9",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 320,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 321,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 322,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,307",
        "eid": 323,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Settings\\PreviewPages",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 324,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 325,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 326,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 327,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\NoStretching",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 328,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 329,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 330,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 331,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowThumbnail",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 332,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 333,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 334,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 335,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowAllFiles",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 336,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 337,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 338,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 339,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPWidth",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 340,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 341,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 342,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 343,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\BMPHeight",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 344,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\WindowPlacement",
          "content": ",\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x8f\\x00\\x00\\x00Y\\x00\\x00\\x00\\x0f\\x05\\x00\\x00)\\x03\\x00\\x00"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,323",
        "eid": 345,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 346,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 347,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 348,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbXPos",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 349,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 350,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 351,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 352,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbYPos",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 353,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 354,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 355,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 356,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbWidth",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 357,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 358,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 359,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 360,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ThumbHeight",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 361,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 362,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 363,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 364,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\UnitSetting",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 365,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 366,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 367,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 368,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowRulers",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 369,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 370,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 371,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 372,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowGrid",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 373,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 374,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 375,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 376,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 377,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 378,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 379,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 380,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\ShowTextTool",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 381,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 382,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 383,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,339",
        "eid": 384,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PointSize",
          "content": "11"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 385,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 386,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 387,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 388,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Bold",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 389,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 390,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 391,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 392,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Underline",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 393,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 394,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 395,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 396,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Italic",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 397,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 398,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 399,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 400,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\Strikeout",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 401,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 402,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 403,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 404,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionX",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 405,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 406,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 407,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 408,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\PositionY",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 409,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 410,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 411,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 412,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 413,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TypeFaceName",
          "content": ""
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 414,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 415,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 416,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,354",
        "eid": 417,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumDistance",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 418,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 419,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 420,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 421,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumDistance",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 422,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 423,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 424,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 425,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MinimumTime",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 426,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 427,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 428,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 429,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Keyboard\\MaximumTime",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 430,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 431,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 432,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 433,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\CharSet",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 434,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 435,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 436,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 437,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Text\\TextPen",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 438,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 439,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 440,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 441,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\SnapToGrid",
          "content": "0"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 442,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 443,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 444,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 445,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\View\\GridExtent",
          "content": "1"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 446,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,370",
        "eid": 447,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 448,
        "data": {
          "file": "C:\\Windows\\System32\\UIRibbon.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9870a0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\DllPath",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,385",
        "eid": 456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManager\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 460,
        "data": {
          "file": "C:\\Windows\\System32\\windows.storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a6230000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 461,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\DllPath",
          "content": "C:\\Windows\\System32\\efswrt.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\TrustLevel",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Security.EnterpriseData.ProtectionPolicyManagerPrivatePT\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 473,
        "data": {
          "file": "C:\\Windows\\System32\\efswrt.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff988f00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 474,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\DllPath",
          "content": "C:\\Windows\\System32\\twinapi.appcore.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,401",
        "eid": 478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.ApplicationModel.Core.CoreApplication\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 486,
        "data": {
          "file": "C:\\Windows\\System32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a10f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 487,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 488,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivationType",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Server",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\DllPath",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Threading",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,417",
        "eid": 495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Foundation.Collections.PropertySet\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 500,
        "data": {
          "file": "C:\\Windows\\System32\\WinTypes.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a4dc0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 501,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\XAML\\OneCoreTransformsEnabledByDefault",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 503,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 509,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,432",
        "eid": 510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 511,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{c50898f6-c536-5f47-8583-8b2c2438a13b}\\ProxyStubClsid32\\(Default)",
          "content": "{11659a23-5884-4d1b-9cf6-67d6f4f90b36}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,448",
        "eid": 517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\(Default)",
          "content": "Ptype_PSFactory"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WinTypes.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 529,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa3d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 530,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:20,464",
        "eid": 532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 533,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 534,
        "data": {
          "file": "C:\\Windows\\System32\\sti.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99dff0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 535,
        "data": {
          "file": "wiatrace.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a4220000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 536,
        "data": {
          "file": "C:\\Windows\\System32\\kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa3d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 537,
        "data": {
          "file": "api-ms-win-security-sddl-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa510000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 538,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a92a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,682",
        "eid": 539,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,698",
        "eid": 540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{5E38B83C-8CF1-11D1-BF92-0060081ED811}\\ProxyStubClsid32\\(Default)",
          "content": "{4DB1AD10-3391-11D2-9A33-00C04FA36145}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,714",
        "eid": 541,
        "data": {
          "file": "OLEAUT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a9530000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,714",
        "eid": 542,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,729",
        "eid": 543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,729",
        "eid": 544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\stisvc\\ObjectName",
          "content": "NT Authority\\LocalService"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,745",
        "eid": 545,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,760",
        "eid": 546,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,760",
        "eid": 547,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,760",
        "eid": 548,
        "data": {
          "file": "sti.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,760",
        "eid": 549,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,760",
        "eid": 550,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,776",
        "eid": 551,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,776",
        "eid": 552,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,792",
        "eid": 553,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,792",
        "eid": 554,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,807",
        "eid": 555,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,807",
        "eid": 556,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-06-30 02:26:23,807",
        "eid": 557,
        "data": {
          "file": "C:\\Windows\\debug\\WIA\\wiatrace.log"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,823",
        "eid": 558,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,823",
        "eid": 559,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,839",
        "eid": 560,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,839",
        "eid": 561,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,854",
        "eid": 562,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,854",
        "eid": 563,
        "data": {
          "file": "atlthunk.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff995fc0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,854",
        "eid": 564,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,854",
        "eid": 565,
        "data": {
          "file": "C:\\Windows\\System32\\UIRibbon.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9870a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,854",
        "eid": 566,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,870",
        "eid": 567,
        "data": {
          "file": "Comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,870",
        "eid": 568,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,870",
        "eid": 569,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,885",
        "eid": 570,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,964",
        "eid": 571,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,964",
        "eid": 572,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,964",
        "eid": 573,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,964",
        "eid": 574,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Applets\\Paint\\Ribbon\\QatItems",
          "content": "<siq:customUI xmlns:siq=\"http://schemas.microsoft.com/windows/2009/ribbon/qat\"><siq:ribbon minimized=\"false\"><siq:qat position=\"0\"><siq:sharedControls><siq:control idQ=\"siq:20002\" visible=\"false\" argument=\"0\"/><siq:control idQ=\"siq:20003\" visible=\"false\" a"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,964",
        "eid": 575,
        "data": {
          "file": "C:\\Windows\\System32\\msxml6.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994e80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,979",
        "eid": 576,
        "data": {
          "file": "Ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa9f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,979",
        "eid": 577,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:23,979",
        "eid": 578,
        "data": {
          "file": "C:\\Windows\\System32\\windowscodecs.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99cf00000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{41945702-8302-44A6-9445-AC98E8AFA086}\\CLSID",
          "content": "{41945702-8302-44A6-9445-AC98E8AFA086}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Author",
          "content": "Microsoft Corporation"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FriendlyName",
          "content": "Microsoft Raw Image Decoder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Version",
          "content": "10.0.19041.746"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SpecVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Vendor",
          "content": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\InprocServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\MSRAWImage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ContainerFormat",
          "content": "{FE99CE60-F19C-433C-A3AE-00ACEFA9CA21}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceManufacturer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\DeviceModels",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ColorManagementVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\MimeTypes",
          "content": "image/3FR,image/ARI,image/ARW,image/BAY,image/CAP,image/CR2,image/CR3,image/CRW,image/DCS,image/DCR,image/DRF,image/EIP,image/ERF,image/FFF,image/IIQ,image/K25,image/KDC,image/MEF,image/MOS,image/MRW,image/NEF,image/NRW,image/ORF,image/ORI,image/PEF,image/"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\FileExtensions",
          "content": ".3FR,.ARI,.ARW,.BAY,.CAP,.CR2,.CR3,.CRW,.DCS,.DCR,.DRF,.EIP,.ERF,.FFF,.IIQ,.K25,.KDC,.MEF,.MOS,.MRW,.NEF,.NRW,.ORF,.ORI,.PEF,.PTX,.PXN,.RAF,.RAW,.RW2,.RWL,.SR2,.SRF,.SRW,.X3F,.DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportAnimation",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportChromakey",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportLossless",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:23,995",
        "eid": 605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\SupportMultiframe",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\ArbitrationPriority",
          "content": "10"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,010",
        "eid": 619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Pattern",
          "content": "MM\\x00*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\0\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Pattern",
          "content": "II*\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\1\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Pattern",
          "content": "MMMMRaw\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\10\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Pattern",
          "content": "IIU\\x00\\x08\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\11\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Pattern",
          "content": "IIU\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\12\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Pattern",
          "content": "FOVb"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\13\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,026",
        "eid": 652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Position",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Pattern",
          "content": "ftypcrx "
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\14\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Pattern",
          "content": "IIRO"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\2\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Pattern",
          "content": "IIRS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\3\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Pattern",
          "content": "MMOR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\4\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Pattern",
          "content": "MMSR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\5\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Pattern",
          "content": "II\\x1a\\x00\\x00\\x00HE"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\6\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Pattern",
          "content": "FUJIFILM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\7\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Pattern",
          "content": "\\x00MRM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\8\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Pattern",
          "content": "IIII\\x00waR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{41945702-8302-44A6-9445-AC98E8AFA086}\\Patterns\\9\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7ED96837-96F0-4812-B211-F13C24117ED3}\\Instance\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\CLSID",
          "content": "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Author",
          "content": "Microsoft Corporation"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FriendlyName",
          "content": "Microsoft Camera Raw Decoder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Version",
          "content": "10.0.19041.1165"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,042",
        "eid": 705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SpecVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Vendor",
          "content": "{F0E749CA-EDEF-4589-A73A-EE0E626A2A2B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\System32\\WindowsCodecsRaw.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ContainerFormat",
          "content": "{C1FC85CB-D64F-478B-A4EC-69ADC9EE1392}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceManufacturer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\DeviceModels",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ColorManagementVersion",
          "content": "1.0.0.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\MimeTypes",
          "content": "image/ARW,image/CR2,image/CRW,image/ERF,image/KDC,image/MRW,image/NEF,image/NRW,image/ORF,image/PEF,image/RAF,image/RAW,image/RW2,image/RWL,image/SR2,image/SRW,image/DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\FileExtensions",
          "content": ".ARW,.CR2,.CRW,.ERF,.KDC,.MRW,.NEF,.NRW,.ORF,.PEF,.RAF,.RAW,.RW2,.RWL,.SR2,.SRW,.DNG"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportAnimation",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportChromakey",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportLossless",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\SupportMultiframe",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\ArbitrationPriority",
          "content": "9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,057",
        "eid": 729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Pattern",
          "content": "MM\\x00*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\0\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Pattern",
          "content": "II*\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\1\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Pattern",
          "content": "MMMMRaw\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\10\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Pattern",
          "content": "IIU\\x00\\x08\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\11\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Pattern",
          "content": "IIU\\x00\\x18\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,073",
        "eid": 762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\12\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Pattern",
          "content": "IIRO"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\2\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Pattern",
          "content": "IIRS"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\3\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Pattern",
          "content": "MMOR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\4\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Pattern",
          "content": "MMSR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\5\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Pattern",
          "content": "II\\x1a\\x00\\x00\\x00HE"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\6\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Pattern",
          "content": "FUJIFILM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\7\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Position",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Pattern",
          "content": "\\x00MRM"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\8\\Mask",
          "content": "\\xff\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Position",
          "content": "8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\EndOfStream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Pattern",
          "content": "IIII\\x00waR"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,089",
        "eid": 802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\\Patterns\\9\\Mask",
          "content": "\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
          "content": "C:\\Windows\\Fonts\\staticcache.dat"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 805,
        "data": {
          "file": "C:\\Windows\\Fonts\\StaticCache.dat"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
          "content": "SimSun-ExtB"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,245",
        "eid": 816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,260",
        "eid": 817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,260",
        "eid": 818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,260",
        "eid": 819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,260",
        "eid": 820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,260",
        "eid": 821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,292",
        "eid": 822,
        "data": {
          "file": "C:\\Windows\\System32\\oleacc.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff992900000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,292",
        "eid": 823,
        "data": {
          "file": "OLEAUT32.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a9530000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,307",
        "eid": 824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\MaximumAllowedAllocationSize",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,323",
        "eid": 825,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,323",
        "eid": 826,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,339",
        "eid": 827,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,339",
        "eid": 828,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,354",
        "eid": 829,
        "data": {
          "file": "WindowsCodecs.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99cf00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,354",
        "eid": 830,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 831,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 833,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 835,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 836,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 838,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 840,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 842,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 846,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "1581568"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 854,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 855,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 856,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,370",
        "eid": 857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
          "content": "32"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 859,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer\\UseFindFirstFileEnumeration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 860,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xba\\x01\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\xc4\\xd8c\\xf2\\x1e\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x001\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 861,
        "data": {
          "file": "C:\\Windows\\System32\\propsys.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a2720000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 862,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data",
          "content": "\\xd6\r\\x00\\x00\r\\xf0\\xad\\xbaA\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\x06\\xe7\\x03\\xff\\x00\\x00\\x00\\x16\\x00\\x00\\x00o\\xb6d\\x1c\\x1f\\x00\\x00\\x00\\x04@\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00\\\\x00?\\x00\\\\x00S\\x00T\\x00O\\x00R\\x00A\\x00G\\x00E\\x00#\\x00V\\x00o\\x00l\\x00u\\x00m\\x00e\\x00#\\x00{\\x001\\x00c\\x001\\x009\\x002\\x00d\\x00d\\x00b\\x00-\\x007\\x003\\x007\\x001\\x00-\\x001\\x001\\x00f\\x001\\x00-\\x009\\x00c\\x00d\\x004\\x00-\\x008\\x000\\x006\\x00e\\x006\\x00f\\x006\\x00e\\x006\\x009\\x006\\x003\\x00}\\x00#\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x000\\x003\\x003\\x000\\x000\\x000\\x000\\x000\\x00#\\x00{\\x005\\x003\\x00f\\x005\\x006\\x003\\x000\\x00d\\x00-\\x00b\\x006\\x00b\\x00f\\x00-\\x001\\x001\\x00d\\x000\\x00-\\x009\\x004\\x00f\\x002\\x00-\\x000\\x000\\x00a\\x000\\x00c\\x009\\x001\\x00e\\x00f\\x00b\\x008\\x00b\\x00}\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 863,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 864,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\Caches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,385",
        "eid": 865,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 866,
        "data": {
          "file": "C:\\Users\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 868,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 869,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 870,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
          "content": "$\\x00\\x00\\x004(\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 872,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 874,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 876,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 878,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 879,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 880,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 881,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 882,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 883,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 884,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 885,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 886,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 887,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 888,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 889,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 890,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 891,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 892,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 893,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 894,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,401",
        "eid": 895,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowStatusBar",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,417",
        "eid": 908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 910,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21769"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-183"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 932,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
          "content": "%USERPROFILE%\\Desktop"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 933,
        "data": {
          "file": "C:\\Users\\Rajesh\\Desktop\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
          "content": "Microsoft\\Windows\\Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 955,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
          "content": "AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,432",
        "eid": 959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
          "content": "AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 977,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
          "content": "%USERPROFILE%\\AppData\\Roaming"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Name",
          "content": "Local Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{d3162b92-9365-467a-956b-92703aca08af}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 999,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{F42EE2D3-909F-4907-8871-4C22FC0BF756}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
          "content": "Profile"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,448",
        "eid": 1020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1023,
        "data": {
          "file": "C:\\Users\\Rajesh\\Documents\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Name",
          "content": "Local Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21790"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-108"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1045,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A0C69A99-21C8-4671-8703-7934162FCF1D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1048,
        "data": {
          "file": "C:\\Users\\Rajesh\\Music\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Name",
          "content": "Local Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{24ad3ad4-a569-4530-98e1-ab02f9417aa8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,464",
        "eid": 1058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1070,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{0DDD015D-B06C-45D5-8C4C-F59713854639}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1073,
        "data": {
          "file": "C:\\Users\\Rajesh\\Pictures\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Name",
          "content": "Local Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1095,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{35286A68-3C57-41A1-BBB1-0EAE73D76C95}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,479",
        "eid": 1098,
        "data": {
          "file": "C:\\Users\\Rajesh\\Videos\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Name",
          "content": "Local Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{088e3905-0323-4b02-9826-5d99428e115f}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21798"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-184"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1120,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D83EE9B-2244-4E70-B1F5-5393042AF1E4}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1123,
        "data": {
          "file": "C:\\Users\\Rajesh\\Downloads\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Name",
          "content": "UsersFilesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\Attributes",
          "content": "18446744073449767213"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\ShellFolder\\FolderValueFlags",
          "content": "5243433"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\MonitorRegistry",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegateSuppressionPolicy",
          "content": "{92803FB4-7706-4035-ACD7-F63E069D3697}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1156,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\PreventItemCreationInUsersFilesFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UsersFiles\\NameSpace\\DelegateFolders\\StorageDelegate",
          "content": "{DFFACDC5-679F-4156-8947-C5C76BC0B67F}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\CLSID",
          "content": "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\Windows.Storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,495",
        "eid": 1161,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.Storage.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a6230000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\Attributes",
          "content": "17"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\DescriptionID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\HelpTopic",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\AllowChildAliasRegistration",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\RecursiveSearch",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,510",
        "eid": 1169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\Instance\\InitPropertyBag\\TargetKnownFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Name",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\RelativePath",
          "content": "Searches"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{7d1d3a04-debb-4115-95cf-2f29da2920da}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-9031"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-18"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\FolderTypeID",
          "content": "{0b0ba2e3-405f-415e-a6ee-cad625207853}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d1d3a04-debb-4115-95cf-2f29da2920da}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1191,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
          "content": "Windows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
          "content": "ProgramFilesCommon"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,526",
        "eid": 1231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Name",
          "content": "MusicLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\RelativePath",
          "content": "Music.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34584"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1004"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2112AB0A-C86A-4ffe-A368-0DE96E47012E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Name",
          "content": "PublicLibraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\RelativePath",
          "content": "Libraries"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{48daf80b-e6cf-4f4e-b800-0e69d84ee384}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
          "content": "Common Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21799"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
          "content": "D:P(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Name",
          "content": "AppDataDocuments"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,542",
        "eid": 1319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7BE16610-1F7F-44AC-BFF0-83E15F2FFCA1}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Name",
          "content": "CD Burning"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\RelativePath",
          "content": "Microsoft\\Windows\\Burn\\Burn"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21815"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9E52AB10-F80D-49DF-ACB8-4330F5687855}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Name",
          "content": "SavedPicturesLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\RelativePath",
          "content": "SavedPictures.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E25B5812-BE88-4bd9-94B0-29233477B6C3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Name",
          "content": "MAPIFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\ParsingName",
          "content": "shell:::{89D83576-6BD1-4C86-9454-BEB04E94C819}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{98EC0E18-2098-4D44-8644-66979315A281}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Name",
          "content": "Common Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
          "content": "My Video"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A0953C92-50DC-43BF-BE83-3742FED03C9C}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21791"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-189"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1427,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Name",
          "content": "Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\RelativePath",
          "content": "Microsoft\\Internet Explorer\\Quick Launch"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,557",
        "eid": 1447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
          "content": "ProgramFilesCommonX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Name",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\RelativePath",
          "content": "3D Objects"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21825"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-198"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\FolderTypeID",
          "content": "{b3690e58-e961-423b-b687-386ebfd83239}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1493,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{31C0DD25-9439-4F12-BF41-7FF4EDA38722}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Name",
          "content": "ConnectionsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Name",
          "content": "PrintersFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\ParsingName",
          "content": "::{21EC2020-3AEA-1069-A2DD-08002B30309D}\\::{2227A280-3AEA-1069-A2DE-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{76FC4E2D-D6AD-4519-A663-37BD56068185}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Name",
          "content": "VideosLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\RelativePath",
          "content": "Videos.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{491E922F-5643-4af4-A7EB-4E7A138D8174}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34620"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1005"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{491E922F-5643-4af4-A7EB-4E7A138D8174}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
          "content": "My Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{3ADD1653-EB32-4CB0-BBD7-DFA0ABB5ACCA}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21779"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-113"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1582,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,573",
        "eid": 1583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Name",
          "content": "ResourceDir"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8AD10C31-2ADB-4296-A8F7-E4701232C972}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
          "content": "Common Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Name",
          "content": "PublicGameTasks"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\RelativePath",
          "content": "Microsoft\\Windows\\GameExplorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DEBF2536-E1A8-4c59-B6A2-414586476AEA}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Name",
          "content": "SyncSetupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,589",
        "eid": 1668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
          "content": "CommonVideo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
          "content": "Videos"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12690"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21804"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
          "content": "History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
          "content": "Microsoft\\Windows\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Name",
          "content": "SyncResultsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{289A9A43-BE44-4057-A41B-587A76D7E7F9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Name",
          "content": "ConflictFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\\::{E413D040-6788-4C22-957E-175D1C513A34},"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Name",
          "content": "RecycleBinFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\ParsingName",
          "content": "::{645FF040-5081-101B-9F08-00AA002F954E}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Name",
          "content": "CSCFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\ParsingName",
          "content": "shell:::{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\*"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,604",
        "eid": 1789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EE32E446-31CA-4ABA-814F-A5EBD2FD6D5E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Name",
          "content": "Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\RelativePath",
          "content": "Microsoft\\Windows\\Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C870044B-F49E-4126-A9C3-B52A1FF411E8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Name",
          "content": "Common Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParentFolder",
          "content": "{A4115719-D62E-491D-AA7C-E74B8BE3B067}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21782"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Name",
          "content": "NetHood"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\RelativePath",
          "content": "Microsoft\\Windows\\Network Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C5ABBF53-E17F-4121-8900-86626FC2C973}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
          "content": "Contacts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
          "content": "Contacts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{56784854-C6CB-462B-8169-88E350ACB882}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
          "content": "@%CommonProgramFiles%\\system\\wab32res.dll,-10200"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
          "content": "@%CommonProgramFiles%\\system\\wab32res.dll,-10100"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-181"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
          "content": "{de2b70ec-9bf7-4a93-bd3d-243f7881d492}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1881,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Name",
          "content": "UserProgramFilesCommon"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParentFolder",
          "content": "{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\RelativePath",
          "content": "Common"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcbd3057-ca5c-4622-b42d-bc56db0ae516}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Name",
          "content": "Roaming Tiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\RelativePath",
          "content": "Microsoft\\Windows\\RoamingTiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,620",
        "eid": 1916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{00BCFC5A-ED94-4e48-96A1-3F6217F21990}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0ddd015d-b06c-45d5-8c4c-f59713854639}\\PropertyBag\\BaseFolderId",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1930,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Name",
          "content": "UsersLibrariesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A302545D-DEFF-464b-ABE8-61C8648D939B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
          "content": "Cookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Name",
          "content": "LocalizedResourcesDir"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Name",
          "content": "CommonRingtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 1999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\RelativePath",
          "content": "Microsoft\\Windows\\Ringtones"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{E555AB60-153B-4D17-9F04-A5FE99FC15EC}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Name",
          "content": "GameTasks"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\RelativePath",
          "content": "Microsoft\\Windows\\GameExplorer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{054FAE61-4DD8-4787-80B6-090220C4B700}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21796"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-115"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2059,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
          "content": "%USERPROFILE%\\Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\\PropertyBag\\BaseFolderId",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2064,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Name",
          "content": "HomeGroupFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\ParsingName",
          "content": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1013"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,635",
        "eid": 2082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{52528A6B-B9E3-4add-B60D-588C2DBA842D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Name",
          "content": "SendTo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\RelativePath",
          "content": "Microsoft\\Windows\\SendTo"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{8983036C-27C0-404B-8F08-102D10DCFD74}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Name",
          "content": "PublicAccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\RelativePath",
          "content": "AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalizedName",
          "content": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38304"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\Attributes",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0482af6c-08f1-4c34-8c90-e17ec98b1e17}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Name",
          "content": "ImplicitAppShortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParentFolder",
          "content": "{9e3995ab-1f9c-4f13-b827-48b24b6c7174}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\RelativePath",
          "content": "ImplicitAppShortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,651",
        "eid": 2136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bcb5256f-79f6-4cee-b725-dc34e402fd46}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Name",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParentFolder",
          "content": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\RelativePath",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21762"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{724EF170-A42D-4FEF-9F26-B60E846FBA4F}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
          "content": "My Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{1CF1260C-4DD0-4EBB-811F-33C572699FDE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21790"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-108"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2195,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Name",
          "content": "AddNewProgramsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\ParsingName",
          "content": "shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Name",
          "content": "Captures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParentFolder",
          "content": "{18989B1D-99B5-455B-841C-AB7C74E4DDFC}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\RelativePath",
          "content": "Captures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21826"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{EDC0FE71-98D8-4F4A-B920-C8DC133CB165}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
          "content": "UserProfiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21813"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
          "content": "D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;WD)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Name",
          "content": "InternetFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\ParsingName",
          "content": "::{871C5380-42A0-1069-A2EA-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Name",
          "content": "CameraRollLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\RelativePath",
          "content": "CameraRoll.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{2B20DF75-1EDA-4039-8097-38798227D5B7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34582"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B20DF75-1EDA-4039-8097-38798227D5B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
          "content": "System"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2315,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
          "content": "{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21782"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,667",
        "eid": 2334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Name",
          "content": "ProgramFilesX64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444b-8957-A3773F02200E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Name",
          "content": "AppDataDesktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B2C5E279-7ADD-439F-B28C-C41FE1BBF672}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Name",
          "content": "Camera Roll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\RelativePath",
          "content": "Camera Roll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21824"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AB5FB87B-7CE2-4F83-915D-550846C9537B}\\InitFolderHandler",
          "content": "{B26388EA-AD62-430f-AF5C-CFA63BFE94A6}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Name",
          "content": "MyComputerFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\ParsingName",
          "content": "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0AC0837C-BBF8-452A-850D-79D08E667CA7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Name",
          "content": "Common Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParentFolder",
          "content": "{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\RelativePath",
          "content": "Administrative Tools"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21762"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D0384E7D-BAC3-4797-8F14-CBA229B392B5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Name",
          "content": "DocumentsLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\RelativePath",
          "content": "Documents.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34575"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1002"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,682",
        "eid": 2470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7b0db17d-9cd2-4a93-9733-46cc89022e7c}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Name",
          "content": "Application Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\RelativePath",
          "content": "Microsoft\\Windows\\Application Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-50704"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A3918781-E5F2-4890-B3D9-A7E54332328C}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Name",
          "content": "Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\RelativePath",
          "content": "Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InfoTip",
          "content": "@shell32,dll,-12692"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21797"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-117"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AE50C081-EBD2-438A-8655-8A092E34987A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Name",
          "content": "Screenshots"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\RelativePath",
          "content": "Screenshots"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21823"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{b7bede81-df94-4682-a7d8-57a52620b86f}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Name",
          "content": "SavedPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\RelativePath",
          "content": "Saved Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34583"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3B193882-D3AD-4eab-965A-69829D1FB59F}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Name",
          "content": "Common AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
          "content": "Local AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
          "content": "AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Name",
          "content": "ThisPCDesktopFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\RelativePath",
          "content": "Desktop"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21769"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-183"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,698",
        "eid": 2609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PreCreate",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2618,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
          "content": "CommonPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
          "content": "Pictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21802"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Name",
          "content": "AppsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\ParsingName",
          "content": "shell:::{4234d49b-0245-4df3-b780-3893943456e1}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1e87508d-89c2-42f0-8a7e-645a0f50ca58}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Name",
          "content": "PrintHood"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\RelativePath",
          "content": "Microsoft\\Windows\\Printer Shortcuts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Name",
          "content": "Development Files"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\RelativePath",
          "content": "DevelopmentFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DBE8E08E-3053-4BBC-B183-2A7B2B191E59}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Name",
          "content": "PhotoAlbums"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParentFolder",
          "content": "{33E28130-4E1E-4676-835A-98395C3BC3BB}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\RelativePath",
          "content": "Slide Shows"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21819"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21798"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-184"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
          "content": "S:AI(RA;IOOICI;;;;WD;(\"IMAGELOAD\",TU,0x0,0x01))"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,714",
        "eid": 2737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
          "content": "{885A186E-A440-4ADA-812B-DB871B942259}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2749,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Name",
          "content": "AppMods"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\RelativePath",
          "content": "AppMods"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21829"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\FolderTypeID",
          "content": "{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2773,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{7AD67899-66AF-43BA-9156-6AAD42E6C596}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a0c69a99-21c8-4671-8703-7934162fcf1d}\\PropertyBag\\BaseFolderId",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2780,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Name",
          "content": "AppUpdatesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Name",
          "content": "CommonDownloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\RelativePath",
          "content": "Downloads"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21808"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3D644C9B-1FB8-4f30-9B45-F670235F79C0}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7d83ee9b-2244-4e70-b1f5-5393042af1e4}\\PropertyBag\\BaseFolderId",
          "content": "{374DE290-123F-4565-9164-39C4925E467B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,729",
        "eid": 2829,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Name",
          "content": "Common Start Menu Places"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu Places"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2841,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2842,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2846,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2847,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2848,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2850,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2851,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A440879F-87A0-4F7D-B700-0207B966194A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Name",
          "content": "PicturesLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParentFolder",
          "content": "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\RelativePath",
          "content": "Pictures.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\ParsingName",
          "content": "::{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\{A990AE9F-A03B-4e80-94BC-9912D7504104}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12688"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-34595"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1003"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2873,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A990AE9F-A03B-4e80-94BC-9912D7504104}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
          "content": "Public"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2876,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2877,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2879,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21816"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
          "content": "D:PAI(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICIIO;0x1301ff;;;IU)(A;;0x1200af;;;IU)(A;OICIIO;0x1301ff;;;SU)(A;;0x1200af;;;SU)(A;OICIIO;0x1301ff;;;S-1-5-3)(A;;0x1200af;;;S-1-5-3)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2885,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2887,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2888,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2889,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2892,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2893,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2894,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2895,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Name",
          "content": "RecordedTVLibrary"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParentFolder",
          "content": "{48daf80b-e6cf-4f4e-b800-0e69d84ee384}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2899,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\RelativePath",
          "content": "RecordedTV.library-ms"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2900,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2901,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2902,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-34615"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-1008"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResource",
          "content": "%SystemRoot%\\system32\\shell32.dll,-8"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\StreamResourceType",
          "content": "LIBRARY"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2910,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Stream",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2911,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2912,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1A6FDBA2-F42D-4358-A798-B74D745926C5}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2916,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2917,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Name",
          "content": "AppDataProgramData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2919,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\RelativePath",
          "content": "ProgramData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{559D40A3-A036-40FA-AF61-84CB430A4D34}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Name",
          "content": "HomeGroupCurrentUserFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2940,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2941,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2942,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\ParsingName",
          "content": "::{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\$CurrentUser$"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2951,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,745",
        "eid": 2958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
          "content": "LocalAppDataLow"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
          "content": "AppData\\LocalLow"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
          "content": "S:(ML;OICI;NW;;;LW)"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2970,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2971,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2972,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2973,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2974,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2975,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2976,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
          "content": "8192"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2977,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2978,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2979,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2980,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Name",
          "content": "Roamed Tile Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2981,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2982,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2983,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\RelativePath",
          "content": "Microsoft\\Windows\\RoamedTileImages"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2984,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2985,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2986,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2987,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2988,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2989,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2990,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2991,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2992,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2993,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2994,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2995,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2996,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2997,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2998,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 2999,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3000,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3001,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Name",
          "content": "ProgramFilesCommonX64"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3002,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3003,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3004,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3005,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3006,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3007,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3008,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3009,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3010,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3011,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3012,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3013,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3014,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3015,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3016,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3017,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3018,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3019,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3020,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6365D5A7-0F0D-45e5-87F6-0DA56B6A4F7D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3021,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3022,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Name",
          "content": "CryptoKeys"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3023,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3024,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3025,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3026,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3027,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3028,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3029,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3030,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3031,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3032,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3033,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3034,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3035,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3036,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3037,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3038,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3039,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3040,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3041,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B88F4DAA-E7BD-49a9-B74D-02885A5DC765}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3042,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3043,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Name",
          "content": "Original Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3044,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3045,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3046,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\RelativePath",
          "content": "Microsoft\\Windows Photo Gallery\\Original Images"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3047,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3048,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3049,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3050,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3051,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3052,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3053,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3054,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3055,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3056,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3057,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3058,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3059,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3060,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3061,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3062,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3063,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3064,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Name",
          "content": "User Pinned"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3065,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParentFolder",
          "content": "{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3066,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3067,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\RelativePath",
          "content": "User Pinned"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3068,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3069,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3070,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3071,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3072,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3073,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3074,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3075,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3076,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3077,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,760",
        "eid": 3078,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3079,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3080,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3081,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\Attributes",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3082,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3083,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3084,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3085,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Name",
          "content": "ChangeRemoveProgramsFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3086,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3087,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3088,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3089,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3090,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3091,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3092,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3093,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3094,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3095,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3096,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3097,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3098,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3099,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{df7266ac-9274-4867-8d55-3bd661de872d}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
          "content": "Common Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3107,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3108,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3109,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3110,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3111,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3112,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21801"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3113,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3114,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3116,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3117,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3124,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3125,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3126,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3127,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
          "content": "SystemX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3128,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3130,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3131,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3132,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3133,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3137,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3138,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Name",
          "content": "AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\RelativePath",
          "content": "Microsoft\\Windows\\AccountPictures"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalizedName",
          "content": "@C:\\Windows\\System32\\Windows.UI.Immersive.dll,-38305"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{008CA0B1-55B4-4C56-B8A8-4DE4B299D3BE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
          "content": "CommonMusic"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
          "content": "{DFDF76A2-C82A-4D63-906A-5644AC457385}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
          "content": "Music"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-12689"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21803"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Name",
          "content": "SearchHistoryFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\RelativePath",
          "content": "Microsoft\\Windows\\ConnectedSearch\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Name",
          "content": "ProgramFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,776",
        "eid": 3217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21781"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Name",
          "content": "Fonts"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParentFolder",
          "content": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
          "content": "Startup"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
          "content": "{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
          "content": "StartUp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21787"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3266,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Name",
          "content": "AppDataFavorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\RelativePath",
          "content": "Favorites"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3284,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3285,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3286,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3287,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3288,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3290,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3291,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7CFBEFBC-DE1F-45AA-B843-A542AC536CC9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3294,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3295,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Name",
          "content": "Recorded Calls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3296,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParentFolder",
          "content": "{5E6C858F-0E22-4760-9AFE-EA3317B67173}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3297,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3298,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\RelativePath",
          "content": "Recorded Calls"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3299,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3300,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3301,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21827"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3312,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3315,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{2F8B40C2-83ED-48EE-B383-A1F157EC6F9A}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3316,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3317,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3318,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Name",
          "content": "Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3321,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3322,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\RelativePath",
          "content": "Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3323,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3324,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3325,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21786"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3326,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3328,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3338,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Name",
          "content": "NetworkPlacesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3341,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3343,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\ParsingName",
          "content": "::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3345,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3347,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,792",
        "eid": 3349,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3353,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3361,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
          "content": "Playlists"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3362,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
          "content": "{4BD8D571-6D19-48D3-BE97-422220080E43}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3363,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3364,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
          "content": "Playlists"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3365,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3366,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21818"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3368,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3369,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3378,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3379,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3380,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Name",
          "content": "DpapiKeys"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3396,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3397,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3400,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3401,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{10C07CD0-EF91-4567-B850-448B77CB37F9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3402,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3403,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
          "content": "Personal"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3404,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
          "content": "Documents"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3407,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
          "content": "shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\windows.storage.dll,-21770"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-112"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3420,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3421,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3422,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag\\ThisPCPolicy",
          "content": "Hide"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3425,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Name",
          "content": "OEM Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3431,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\RelativePath",
          "content": "OEM Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3440,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3448,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3449,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Name",
          "content": "SearchHomeFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\ParsingName",
          "content": "::{9343812e-1c37-4a49-a12e-4b2d810d956b}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3455,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3456,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3458,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3467,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{190337d1-b8ca-4121-a639-6d472d16972a}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\ThisPCPolicy",
          "content": "Show"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{f42ee2d3-909f-4907-8871-4c22fc0bf756}\\PropertyBag\\BaseFolderId",
          "content": "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3474,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisablePersonalDirChange",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3475,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,807",
        "eid": 3476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\RDVirtualizationPool",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3477,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3478,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Name",
          "content": "ThisDeviceFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3479,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3482,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\ParsingName",
          "content": "::{f8278c54-a712-415b-b593-b77a2be0dda9}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3483,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3485,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3486,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3487,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3489,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3490,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3492,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3493,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3494,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3495,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3497,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1C2AC1DC-4358-4B6C-9733-AF21156576F0}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3499,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Name",
          "content": "SystemCertificates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3500,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3501,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3502,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3503,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3504,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3505,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3506,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3507,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3508,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3509,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3510,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3511,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3512,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3513,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3515,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3516,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3518,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{54EED2E0-E7CA-4fdb-9148-0F4247291CFA}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3519,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3520,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Name",
          "content": "Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3521,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3522,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3523,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\RelativePath",
          "content": "Links"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3524,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3526,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21810"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3527,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-185"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3528,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3529,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3530,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3531,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3532,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3533,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3534,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3537,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3540,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3543,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Name",
          "content": "UserProgramFiles"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3545,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3546,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\RelativePath",
          "content": "Programs"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3548,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3549,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3550,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3551,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3554,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3556,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3557,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3558,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3560,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3561,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3563,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5cd7aee2-2219-4a67-b85d-6c9ce15660cb}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3565,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Name",
          "content": "Common Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3568,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\RelativePath",
          "content": "Microsoft\\Windows\\Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3569,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3570,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3573,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3574,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3575,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3577,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3580,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3581,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3582,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B94237E7-57AC-4347-9151-B08C6C32D1F7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3585,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
          "content": "Cache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3588,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3589,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3590,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3593,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3596,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3597,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3598,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3603,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3604,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,823",
        "eid": 3605,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3606,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Name",
          "content": "Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParentFolder",
          "content": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\RelativePath",
          "content": "Microsoft\\Windows\\Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3623,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3625,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3626,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A63293E8-664E-48DB-A079-DF759E0509F7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3627,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Category",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Name",
          "content": "Device Metadata Store"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParentFolder",
          "content": "{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3630,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3631,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\RelativePath",
          "content": "Microsoft\\Windows\\DeviceMetadataStore"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3632,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3633,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3634,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3635,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3636,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3638,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3640,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3641,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3642,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3643,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3644,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3645,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5CE4A5E9-E4EB-479D-B89F-130C02886155}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3648,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3649,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Name",
          "content": "ControlPanelFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3650,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3651,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3652,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3653,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3654,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3655,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3656,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3657,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3658,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3659,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3660,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3661,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3662,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3663,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3665,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3668,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{82A74AEB-AEB4-465C-A014-D097EE346D63}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3669,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3670,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
          "content": "ProgramFilesX86"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3671,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3672,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3673,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3674,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3675,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3676,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21817"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3678,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3679,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3681,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3682,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3683,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3684,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3685,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3686,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3687,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3688,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3689,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3690,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Category",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3691,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Name",
          "content": "SyncCenterFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3692,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\ParsingName",
          "content": "::{26EE0668-A00A-44D7-9371-BEB064C98683}\\0\\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3697,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3698,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3699,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3700,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3701,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3702,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3705,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3706,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3707,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3708,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3709,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3710,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{43668BF8-C14E-49B2-97C9-747784D784B7}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3711,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Category",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3712,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Name",
          "content": "CredentialManager"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3713,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3714,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3715,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\RelativePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3716,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3717,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,839",
        "eid": 3719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3724,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3725,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3726,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3727,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3728,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3729,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3730,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3731,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{915221FB-9EFE-4bda-8FD7-F78DCA774F87}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3733,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Name",
          "content": "SearchTemplatesFolder"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3734,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3735,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3736,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\RelativePath",
          "content": "Microsoft\\Windows\\ConnectedSearch\\Templates"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3737,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3738,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3739,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3741,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3742,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3743,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3744,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3745,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3746,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3747,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3748,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3749,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3750,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Name",
          "content": "SavedGames"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\RelativePath",
          "content": "Saved Games"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\ParsingName",
          "content": "::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalizedName",
          "content": "@%SystemRoot%\\system32\\shell32.dll,-21814"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Icon",
          "content": "%SystemRoot%\\system32\\imageres.dll,-186"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3763,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3764,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3765,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3766,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Roamable",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3767,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PreCreate",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3768,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3769,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3770,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3771,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\Attributes",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3774,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002\\ProfileImagePath",
          "content": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3777,
        "data": {
          "file": "C:\\Users\\Rajesh\\Searches\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3778,
        "data": {
          "file": "C:\\Users\\Rajesh\\Contacts\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,854",
        "eid": 3779,
        "data": {
          "file": "C:\\Users\\Rajesh\\Favorites\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3780,
        "data": {
          "file": "C:\\Users\\Rajesh\\Links\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3781,
        "data": {
          "file": "C:\\Users\\Rajesh\\Saved Games\\desktop.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\ShellFolder\\FolderValueFlags",
          "content": "1080"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3787,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,870",
        "eid": 3788,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,885",
        "eid": 3789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
          "content": "%ProgramData%\\Microsoft\\Windows\\Start Menu"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,885",
        "eid": 3790,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Recent",
          "content": "%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,885",
        "eid": 3791,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
          "content": "%USERPROFILE%\\Documents"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,901",
        "eid": 3792,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivationType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3794,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Server",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\DllPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Threading",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\TrustLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\RemoteServer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateAsUser",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInSharedBroker",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateInBrokerForMediumILContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExePath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CommandLine",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\IdentityType",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Permissions",
          "content": "\\x01\\x00\\x14\\x80\\x9c\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x14\\x00\\x00\\x000\\x00\\x00\\x00\\x02\\x00\\x1c\\x00\\x01\\x00\\x00\\x00\\x11\\x00\\x14\\x00\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x10\\x00\\x00\\x02\\x00l\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x1f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x1f\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x1f\\x00\\x00\\x00\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\n\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ActivatableClasses",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServerType",
          "content": "2"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\AppId",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\Identity",
          "content": "nt authority\\system"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ServiceName",
          "content": "StateRepository"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\ExplicitPsmActivationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3816,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3817,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3818,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3819,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\(Default)",
          "content": "PSFactoryBuffer"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\System32\\\\Windows.StateRepositoryPS.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3831,
        "data": {
          "file": "C:\\Windows\\System32\\Windows.StateRepositoryPS.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a1300000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,917",
        "eid": 3832,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32\\(Default)",
          "content": "{c53e07ec-25f3-4093-aa39-fc67ea22e99d}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers\\.jpg",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.jpg\\(Default)",
          "content": "{a38b883c-1682-497e-97b0-0a3a9e801682}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\DisableProcessIsolation",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\NoOplock",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseInProcHandlerCache",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\UseOutOfProcHandlerCache",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3841,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a8a40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3842,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3843,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\PhotoMetadataHandler.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3844,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\LoadWithoutCOM",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3845,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\PhotoMetadataHandler.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3846,
        "data": {
          "file": "PhotoMetadataHandler.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3847,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF",
          "content": "\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\xf4A\\x8f}\\x07\\xdd\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3848,
        "data": {
          "file": "C:\\Windows\\System32\\PhotoMetadataHandler.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff998e30000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,932",
        "eid": 3849,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{a38b883c-1682-497e-97b0-0a3a9e801682}\\EnableShareDenyNone",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,948",
        "eid": 3850,
        "data": {
          "file": "C:\\Windows\\System32\\SHCore.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a9d30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,964",
        "eid": 3851,
        "data": {
          "file": "PhotoMetadataHandler.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff998e30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,964",
        "eid": 3852,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:24,995",
        "eid": 3853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,995",
        "eid": 3854,
        "data": {
          "file": "comctl32",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:24,995",
        "eid": 3855,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,010",
        "eid": 3856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,010",
        "eid": 3857,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,010",
        "eid": 3858,
        "data": {
          "file": "COMCTL32.DLL",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,010",
        "eid": 3859,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,042",
        "eid": 3860,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,042",
        "eid": 3861,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,042",
        "eid": 3862,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff994050000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,042",
        "eid": 3863,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,073",
        "eid": 3864,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,073",
        "eid": 3865,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3866,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3867,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3868,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3869,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3870,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3871,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3872,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,089",
        "eid": 3873,
        "data": {
          "file": "C:\\Windows\\system32\\mspaint.exe",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,104",
        "eid": 3874,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,198",
        "eid": 3875,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,198",
        "eid": 3876,
        "data": {
          "file": "C:\\Windows\\System32\\dwmapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a5f20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,198",
        "eid": 3877,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,214",
        "eid": 3878,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,214",
        "eid": 3879,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,245",
        "eid": 3880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,260",
        "eid": 3881,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,292",
        "eid": 3882,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\PersonalColors_Background",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,292",
        "eid": 3883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization\\NoChangingStartMenuBackground",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,292",
        "eid": 3884,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3885,
        "data": {
          "file": "C:\\Windows\\win.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\SafeProcessSearchMode",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3887,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3888,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3889,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,464",
        "eid": 3890,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:25,479",
        "eid": 3891,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,495",
        "eid": 3892,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,495",
        "eid": 3893,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,526",
        "eid": 3894,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\TabletMode",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:25,526",
        "eid": 3895,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM\\ColorPrevalence",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,680",
        "eid": 3896,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\Sink Transmit Buffer Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,680",
        "eid": 3897,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\DefaultRpcStackSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,680",
        "eid": 3898,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,680",
        "eid": 3899,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9aa3d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,680",
        "eid": 3900,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3901,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3902,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3903,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3904,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3905,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3906,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3907,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3908,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,695",
        "eid": 3909,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,711",
        "eid": 3910,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,727",
        "eid": 3911,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fc40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,727",
        "eid": 3912,
        "data": {
          "file": "wmisvc.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,727",
        "eid": 3913,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wbemsvc.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff97fc20000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,727",
        "eid": 3914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,727",
        "eid": 3915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3916,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a8430000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3917,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3918,
        "data": {
          "file": "api-ms-win-core-localization-obsolete-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff9a8430000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3919,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3922,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3923,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)",
          "content": "{D68AF00A-29CB-43FA-8504-CE99A996D9EA}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3925,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3927,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IWbemServices"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3930,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3931,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3933,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3934,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IWbemServices"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3935,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3936,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3937,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3938,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,742",
        "eid": 3939,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\AppID",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,758",
        "eid": 3940,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\fastprox.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99dc10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,758",
        "eid": 3941,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,758",
        "eid": 3942,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3943,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\EnableObjectValidation",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3944,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3945,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3946,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\\(Default)",
          "content": "Microsoft WMI Provider Subsystem Host"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3947,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,773",
        "eid": 3948,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{07435309-D440-41B7-83F3-EB82DB6C622F}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,789",
        "eid": 3949,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,789",
        "eid": 3950,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,789",
        "eid": 3951,
        "data": {
          "file": "C:\\Windows\\System32\\wbem\\wmiutils.dll",
          "pathtofile": null,
          "moduleaddress": "0x7ff99e310000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3952,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
          "content": "{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3953,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3954,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3955,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3956,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3957,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3958,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3959,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3960,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\ActivateOnHostFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3961,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3962,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
          "content": "Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3963,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3964,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3965,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
          "content": "%systemroot%\\system32\\wbem\\fastprox.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,805",
        "eid": 3966,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
          "content": "Both"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,820",
        "eid": 3967,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\AppID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,820",
        "eid": 3968,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-30 02:26:32,820",
        "eid": 3969,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
          "content": "{7C857801-7381-11CF-884D-00AA004B2E24}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-30 02:26:32,820",
        "eid": 3970,
        "data": {
          "file": "ntdll",
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": [],
      "com_activations": []
    }
  },
  "debug": {
    "log": "2026-06-29 14:58:58,620 [root] INFO: Date set to: 20260629T19:26:05, timeout set to: 15\n2026-06-29 19:26:05,377 [root] DEBUG: Starting analyzer from: C:\\2_6me6uj\n2026-06-29 19:26:05,378 [root] DEBUG: Storing results at: C:\\hHBMUz\n2026-06-29 19:26:05,378 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\Hwzptua\n2026-06-29 19:26:05,378 [root] DEBUG: Python path: C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\n2026-06-29 19:26:05,378 [root] INFO: analysis running as an admin\n2026-06-29 19:26:05,379 [root] DEBUG: no analysis package configured, picking one for you\n2026-06-29 19:26:05,395 [root] INFO: analysis package selected: \"generic\"\n2026-06-29 19:26:05,396 [root] DEBUG: importing analysis package module: \"modules.packages.generic\"...\n2026-06-29 19:26:05,401 [root] DEBUG: imported analysis package \"generic\"\n2026-06-29 19:26:05,401 [root] DEBUG: initializing analysis package \"generic\"...\n2026-06-29 19:26:05,402 [lib.common.common] INFO: no wrapping\n2026-06-29 19:26:05,403 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-29 19:26:05,403 [root] DEBUG: New location of moved file: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\n2026-06-29 19:26:05,404 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll option\n2026-06-29 19:26:05,404 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll_64 option\n2026-06-29 19:26:05,405 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader option\n2026-06-29 19:26:05,405 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader_64 option\n2026-06-29 19:26:05,423 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-06-29 19:26:05,430 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-06-29 19:26:05,460 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-06-29 19:26:05,514 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-06-29 19:26:05,520 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-06-29 19:26:05,521 [lib.api.screenshot] ERROR: No module named 'PIL'\n2026-06-29 19:26:05,522 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-06-29 19:26:05,525 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-06-29 19:26:05,525 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-06-29 19:26:05,526 [root] DEBUG: attempting to configure 'Browser' from data\n2026-06-29 19:26:05,527 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-06-29 19:26:05,528 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-06-29 19:26:05,742 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-06-29 19:26:05,744 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-06-29 19:26:05,744 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-06-29 19:26:05,744 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-06-29 19:26:05,744 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-06-29 19:26:05,745 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-06-29 19:26:06,234 [modules.auxiliary.digisig] DEBUG: File has an invalid signature\n2026-06-29 19:26:06,236 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-06-29 19:26:06,239 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-06-29 19:26:06,239 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-06-29 19:26:06,240 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-06-29 19:26:06,240 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-06-29 19:26:06,240 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-06-29 19:26:06,243 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 2848)\n2026-06-29 19:26:06,248 [modules.auxiliary.disguise] INFO: Disguising GUID to 66c92be0-096a-4693-b2f4-39ea0ebbe16e\n2026-06-29 19:26:06,248 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-06-29 19:26:06,249 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-06-29 19:26:06,249 [root] DEBUG: attempting to configure 'Human' from data\n2026-06-29 19:26:06,250 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-06-29 19:26:06,250 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-06-29 19:26:06,251 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-06-29 19:26:06,252 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-06-29 19:26:06,252 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-06-29 19:26:06,253 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-06-29 19:26:06,257 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-06-29 19:26:06,264 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled\n2026-06-29 19:26:06,265 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-06-29 19:26:06,265 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-06-29 19:26:06,265 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-06-29 19:26:06,266 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-06-29 19:26:06,266 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-06-29 19:26:06,268 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process\n2026-06-29 19:26:06,268 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-06-29 19:26:12,024 [root] INFO: Restarting WMI Service\n2026-06-29 19:26:14,152 [root] DEBUG: package modules.packages.generic does not support configure, ignoring\n2026-06-29 19:26:14,154 [root] WARNING: configuration error for package modules.packages.generic: error importing data.packages.generic: No module named 'data.packages'\n2026-06-29 19:26:14,155 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-29 19:26:14,157 [lib.api.process] INFO: Successfully executed process from path \"C:\\Windows\\system32\\cmd.exe\" with arguments \"/c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"\" with pid 3864\n2026-06-29 19:26:14,487 [lib.api.process] INFO: Monitor config for process 3864: C:\\2_6me6uj\\dll\\3864.ini\n2026-06-29 19:26:14,501 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:14,520 [root] DEBUG: Loader: Injecting process 3864 (thread 2716) with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:14,522 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-29 19:26:14,523 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:14,526 [lib.api.process] INFO: Injected into 64-bit <Process 3864 cmd.exe>\n2026-06-29 19:26:16,535 [lib.api.process] INFO: Successfully resumed process with pid 3864\n2026-06-29 19:26:16,715 [root] DEBUG: 3864: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 19:26:16,717 [root] DEBUG: 3864: Disabling sleep skipping.\n2026-06-29 19:26:16,718 [root] DEBUG: 3864: Dropped file limit defaulting to 100.\n2026-06-29 19:26:16,768 [root] DEBUG: 3864: YaraInit: Compiled 44 rule files\n2026-06-29 19:26:16,772 [root] DEBUG: 3864: YaraInit: Compiled rules saved to file C:\\2_6me6uj\\data\\yara\\capemon.yac\n2026-06-29 19:26:16,836 [root] DEBUG: 3864: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 19:26:16,837 [root] DEBUG: 3864: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a\n2026-06-29 19:26:16,842 [root] DEBUG: 3864: YaraScan hit: FindFixAndRun\n2026-06-29 19:26:16,843 [root] DEBUG: 3864: Monitor initialised: 64-bit capemon loaded in process 3864 at 0x00007FF987A90000, thread 2716, image base 0x00007FF79A450000, stack from 0x00000082A0854000-0x00000082A0950000\n2026-06-29 19:26:16,844 [root] DEBUG: 3864: Commandline: \"C:\\Windows\\system32\\cmd.exe\" /c start /wait \"\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"\n2026-06-29 19:26:16,860 [root] DEBUG: 3864: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress\n2026-06-29 19:26:16,929 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'\n2026-06-29 19:26:16,931 [root] DEBUG: 3864: set_hooks: Unable to hook LockResource\n2026-06-29 19:26:16,945 [root] DEBUG: 3864: Hooked 630 out of 631 functions\n2026-06-29 19:26:16,950 [root] DEBUG: 3864: set_hooks_exe: Hooked FindFixAndRun at 0x00007FF79A45C620\n2026-06-29 19:26:16,952 [root] DEBUG: 3864: Syscall hook installed, syscall logging level 1\n2026-06-29 19:26:16,965 [root] DEBUG: 3864: RestoreHeaders: Restored original import table.\n2026-06-29 19:26:16,967 [root] INFO: Loaded monitor into process with pid 3864\n2026-06-29 19:26:16,969 [root] DEBUG: 3864: caller_dispatch: Added region at 0x00007FF79A450000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF79A4693C1, thread 2716).\n2026-06-29 19:26:16,971 [root] DEBUG: 3864: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a\n2026-06-29 19:26:16,978 [root] DEBUG: 3864: ProcessImageBase: Main module image at 0x00007FF79A450000 unmodified (entropy change 0.000000e+00)\n2026-06-29 19:26:17,005 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A6030000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-06-29 19:26:17,008 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A8700000: C:\\Windows\\System32\\bcryptPrimitives (0x83000 bytes).\n2026-06-29 19:26:17,012 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A5B50000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-06-29 19:26:17,031 [root] DEBUG: 3864: DLL loaded at 0x00007FF994050000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\\comctl32 (0x29a000 bytes).\n2026-06-29 19:26:17,090 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A9D30000: C:\\Windows\\System32\\SHCORE (0xad000 bytes).\n2026-06-29 19:26:17,093 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A7A90000: C:\\Windows\\system32\\Wldp (0x2c000 bytes).\n2026-06-29 19:26:17,094 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A6230000: C:\\Windows\\SYSTEM32\\windows.storage (0x790000 bytes).\n2026-06-29 19:26:17,098 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A2720000: C:\\Windows\\system32\\PROPSYS (0xf6000 bytes).\n2026-06-29 19:26:17,109 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A9600000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-06-29 19:26:17,138 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A8050000: C:\\Windows\\system32\\profapi (0x1f000 bytes).\n2026-06-29 19:26:17,288 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A8110000: C:\\Windows\\System32\\CFGMGR32 (0x4e000 bytes).\n2026-06-29 19:26:17,292 [root] DEBUG: 3864: DLL loaded at 0x00007FF993730000: C:\\Windows\\system32\\edputil (0x24000 bytes).\n2026-06-29 19:26:17,336 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A1300000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-06-29 19:26:17,349 [root] DEBUG: 3864: DLL loaded at 0x00007FF9903B0000: C:\\Windows\\System32\\Windows.UI.AppDefaults (0x4c000 bytes).\n2026-06-29 19:26:17,447 [root] DEBUG: 3864: DLL loaded at 0x00007FF99F680000: C:\\Windows\\system32\\iertutil (0x2b0000 bytes).\n2026-06-29 19:26:17,448 [root] DEBUG: 3864: DLL loaded at 0x00007FF99F650000: C:\\Windows\\system32\\srvcli (0x28000 bytes).\n2026-06-29 19:26:17,450 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A75F0000: C:\\Windows\\system32\\netutils (0xc000 bytes).\n2026-06-29 19:26:17,453 [root] DEBUG: 3864: DLL loaded at 0x00007FF99F930000: C:\\Windows\\system32\\urlmon (0x1eb000 bytes).\n2026-06-29 19:26:17,464 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A7200000: C:\\Windows\\system32\\msvcp110_win (0x8a000 bytes).\n2026-06-29 19:26:17,465 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A35E0000: C:\\Windows\\SYSTEM32\\policymanager (0xa0000 bytes).\n2026-06-29 19:26:17,502 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A4DC0000: C:\\Windows\\System32\\wintypes (0x154000 bytes).\n2026-06-29 19:26:17,512 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A5A30000: C:\\Windows\\SYSTEM32\\apphelp (0x90000 bytes).\n2026-06-29 19:26:17,522 [root] DEBUG: 3864: DLL loaded at 0x00007FF99CF00000: C:\\Windows\\system32\\WindowsCodecs (0x1b4000 bytes).\n2026-06-29 19:26:17,524 [root] DEBUG: 3864: DLL loaded at 0x00007FF998E30000: C:\\Windows\\system32\\PhotoMetadataHandler (0x81000 bytes).\n2026-06-29 19:26:17,619 [root] DEBUG: 3864: DLL loaded at 0x00007FF99E080000: C:\\Windows\\System32\\Bcp47Langs (0x5c000 bytes).\n2026-06-29 19:26:17,620 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A6C60000: C:\\Windows\\System32\\sppc (0x25000 bytes).\n2026-06-29 19:26:17,621 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A6C90000: C:\\Windows\\System32\\SLC (0x29000 bytes).\n2026-06-29 19:26:17,623 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A7F80000: C:\\Windows\\System32\\USERENV (0x2e000 bytes).\n2026-06-29 19:26:17,624 [root] DEBUG: 3864: DLL loaded at 0x00007FF9971F0000: C:\\Windows\\System32\\appresolver (0x90000 bytes).\n2026-06-29 19:26:17,640 [root] DEBUG: 3864: DLL loaded at 0x00007FF99D480000: C:\\Windows\\System32\\OneCoreCommonProxyStub (0x7d000 bytes).\n2026-06-29 19:26:17,658 [root] DEBUG: 3864: DLL loaded at 0x00007FF99EEA0000: C:\\Windows\\System32\\OneCoreUAPCommonProxyStub (0x798000 bytes).\n2026-06-29 19:26:17,666 [lib.api.process] INFO: Monitor config for process 756: C:\\2_6me6uj\\dll\\756.ini\n2026-06-29 19:26:17,671 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:17,681 [root] DEBUG: Loader: Injecting process 756 with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:17,687 [root] DEBUG: 756: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 19:26:17,688 [root] DEBUG: 756: Disabling sleep skipping.\n2026-06-29 19:26:17,690 [root] DEBUG: 756: Dropped file limit defaulting to 100.\n2026-06-29 19:26:17,693 [root] DEBUG: 756: Services hook set enabled\n2026-06-29 19:26:17,697 [root] DEBUG: 756: YaraInit: Compiled rules loaded from existing file C:\\2_6me6uj\\data\\yara\\capemon.yac\n2026-06-29 19:26:17,719 [root] DEBUG: 756: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 19:26:17,720 [root] DEBUG: 756: Monitor initialised: 64-bit capemon loaded in process 756 at 0x00007FF987A90000, thread 3120, image base 0x00007FF69D480000, stack from 0x00000036AC4F4000-0x00000036AC500000\n2026-06-29 19:26:17,721 [root] DEBUG: 756: Commandline: C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p\n2026-06-29 19:26:17,739 [root] DEBUG: 756: Hooked 69 out of 69 functions\n2026-06-29 19:26:17,741 [root] INFO: Loaded monitor into process with pid 756\n2026-06-29 19:26:17,743 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-06-29 19:26:17,743 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:17,747 [lib.api.process] INFO: Injected into 64-bit <Process 756 svchost.exe>\n2026-06-29 19:26:19,769 [root] DEBUG: 3864: CreateProcessHandler: Injection info set for new process 4504: C:\\Windows\\system32\\mspaint.exe, ImageBase: 0x00007FF700FE0000\n2026-06-29 19:26:19,770 [root] INFO: Announced 64-bit process name: mspaint.exe pid: 4504\n2026-06-29 19:26:19,771 [lib.api.process] INFO: Monitor config for process 4504: C:\\2_6me6uj\\dll\\4504.ini\n2026-06-29 19:26:19,778 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:19,790 [root] DEBUG: Loader: Injecting process 4504 (thread 336) with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:19,792 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-29 19:26:19,793 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:19,796 [lib.api.process] INFO: Injected into 64-bit <Process 4504 mspaint.exe>\n2026-06-29 19:26:19,803 [root] INFO: Announced 64-bit process name: mspaint.exe pid: 4504\n2026-06-29 19:26:19,803 [lib.api.process] INFO: Monitor config for process 4504: C:\\2_6me6uj\\dll\\4504.ini\n2026-06-29 19:26:19,806 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:19,819 [root] DEBUG: Loader: Injecting process 4504 (thread 336) with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:19,820 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-29 19:26:19,821 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:19,823 [lib.api.process] INFO: Injected into 64-bit <Process 4504 mspaint.exe>\n2026-06-29 19:26:19,828 [root] DEBUG: 3864: DLL loaded at 0x00007FF998030000: C:\\Windows\\system32\\MPR (0x1d000 bytes).\n2026-06-29 19:26:19,829 [root] DEBUG: 3864: DLL loaded at 0x00007FF9A31D0000: C:\\Windows\\SYSTEM32\\pcacli (0x16000 bytes).\n2026-06-29 19:26:19,910 [root] DEBUG: 4504: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 19:26:19,911 [root] DEBUG: 4504: Dropped file limit defaulting to 100.\n2026-06-29 19:26:19,919 [root] DEBUG: 4504: Disabling sleep skipping.\n2026-06-29 19:26:19,922 [root] DEBUG: 4504: YaraInit: Compiled rules loaded from existing file C:\\2_6me6uj\\data\\yara\\capemon.yac\n2026-06-29 19:26:19,943 [root] DEBUG: 4504: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 19:26:19,945 [root] DEBUG: 4504: YaraScan: Scanning 0x00007FF700FE0000, size 0xf8baa\n2026-06-29 19:26:19,956 [root] DEBUG: 4504: Monitor initialised: 64-bit capemon loaded in process 4504 at 0x00007FF987A90000, thread 336, image base 0x00007FF700FE0000, stack from 0x0000001E5EDE4000-0x0000001E5EDF0000\n2026-06-29 19:26:19,957 [root] DEBUG: 4504: Commandline: \"C:\\Windows\\system32\\mspaint.exe\" \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\"\n2026-06-29 19:26:19,974 [root] DEBUG: 4504: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress\n2026-06-29 19:26:20,028 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'\n2026-06-29 19:26:20,030 [root] DEBUG: 4504: set_hooks: Unable to hook LockResource\n2026-06-29 19:26:20,044 [root] DEBUG: 4504: Hooked 630 out of 631 functions\n2026-06-29 19:26:20,056 [root] DEBUG: 4504: Syscall hook installed, syscall logging level 1\n2026-06-29 19:26:20,064 [root] DEBUG: 4504: RestoreHeaders: Restored original import table.\n2026-06-29 19:26:20,070 [root] INFO: Loaded monitor into process with pid 4504\n2026-06-29 19:26:20,107 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A8700000: C:\\Windows\\System32\\bcryptPrimitives (0x83000 bytes).\n2026-06-29 19:26:20,147 [root] DEBUG: 4504: DLL loaded at 0x00007FF99DDA0000: C:\\Windows\\SYSTEM32\\ninput (0x6a000 bytes).\n2026-06-29 19:26:20,154 [root] DEBUG: 4504: caller_dispatch: Added region at 0x00007FF700FE0000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF70107F9B1, thread 336).\n2026-06-29 19:26:20,156 [root] DEBUG: 4504: YaraScan: Scanning 0x00007FF700FE0000, size 0xf8baa\n2026-06-29 19:26:20,186 [root] DEBUG: 4504: ProcessImageBase: Main module image at 0x00007FF700FE0000 unmodified (entropy change 0.000000e+00)\n2026-06-29 19:26:20,200 [root] DEBUG: 4504: DLL loaded at 0x00007FF990180000: C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_91a663c8cc864906\\gdiplus (0x1a9000 bytes).\n2026-06-29 19:26:20,204 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A5B50000: C:\\Windows\\system32\\uxtheme (0x9e000 bytes).\n2026-06-29 19:26:20,236 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A9A10000: C:\\Windows\\System32\\MSCTF (0x115000 bytes).\n2026-06-29 19:26:20,289 [root] DEBUG: 4504: DLL loaded at 0x00007FF98DE00000: C:\\Windows\\system32\\MSFTEDIT (0x348000 bytes).\n2026-06-29 19:26:20,298 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A6030000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-06-29 19:26:20,387 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A9600000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-06-29 19:26:20,393 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A2820000: C:\\Windows\\system32\\XmlLite (0x36000 bytes).\n2026-06-29 19:26:20,395 [root] DEBUG: 4504: DLL loaded at 0x00007FF9870A0000: C:\\Windows\\system32\\UIRibbon (0x3ec000 bytes).\n2026-06-29 19:26:20,406 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A7A90000: C:\\Windows\\system32\\Wldp (0x2c000 bytes).\n2026-06-29 19:26:20,407 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A6230000: C:\\Windows\\system32\\windows.storage (0x790000 bytes).\n2026-06-29 19:26:20,414 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A4DC0000: C:\\Windows\\SYSTEM32\\wintypes (0x154000 bytes).\n2026-06-29 19:26:20,415 [root] DEBUG: 4504: DLL loaded at 0x00007FF988F00000: C:\\Windows\\System32\\efswrt (0xde000 bytes).\n2026-06-29 19:26:20,420 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A10F0000: C:\\Windows\\System32\\twinapi.appcore (0x201000 bytes).\n2026-06-29 19:26:20,564 [root] INFO: Announced starting service \"b'stisvc'\"\n2026-06-29 19:26:20,566 [lib.api.process] INFO: Monitor config for process 632: C:\\2_6me6uj\\dll\\632.ini\n2026-06-29 19:26:20,571 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:20,584 [root] DEBUG: Loader: Injecting process 632 with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:20,587 [root] DEBUG: Loader: Copied config file C:\\2_6me6uj\\dll\\632.ini to system path C:\\632.ini\n2026-06-29 19:26:20,591 [root] DEBUG: Loader: Unable to open process, launched: PPLinject64.exe 632 C:\\2_6me6uj\\dll\\fOTsOVfP.dll\n2026-06-29 19:26:20,593 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:20,597 [lib.api.process] INFO: Injected into 64-bit <Process 632 services.exe>\n2026-06-29 19:26:23,692 [root] DEBUG: 4504: DLL loaded at 0x00007FF99DFF0000: C:\\Windows\\System32\\sti (0x53000 bytes).\n2026-06-29 19:26:23,696 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A4220000: C:\\Windows\\SYSTEM32\\wiatrace (0xa000 bytes).\n2026-06-29 19:26:23,866 [root] DEBUG: 4504: DLL loaded at 0x00007FF995FC0000: C:\\Windows\\SYSTEM32\\atlthunk (0xd000 bytes).\n2026-06-29 19:26:23,917 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A5F20000: C:\\Windows\\system32\\dwmapi (0x2f000 bytes).\n2026-06-29 19:26:23,974 [root] DEBUG: 4504: DLL loaded at 0x00007FF994E80000: C:\\Windows\\System32\\msxml6 (0x25f000 bytes).\n2026-06-29 19:26:23,995 [root] DEBUG: 4504: DLL loaded at 0x00007FF99CF00000: C:\\Windows\\system32\\windowscodecs (0x1b4000 bytes).\n2026-06-29 19:26:24,256 [root] DEBUG: 4504: DLL loaded at 0x00007FF998F00000: C:\\Windows\\SYSTEM32\\TextShaping (0xac000 bytes).\n2026-06-29 19:26:24,310 [root] DEBUG: 4504: DLL loaded at 0x00007FF992900000: C:\\Windows\\System32\\oleacc (0x66000 bytes).\n2026-06-29 19:26:24,396 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A8110000: C:\\Windows\\System32\\CFGMGR32 (0x4e000 bytes).\n2026-06-29 19:26:24,464 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A8050000: C:\\Windows\\system32\\profapi (0x1f000 bytes).\n2026-06-29 19:26:24,937 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A1300000: C:\\Windows\\System32\\Windows.StateRepositoryPS (0x146000 bytes).\n2026-06-29 19:26:24,951 [root] DEBUG: 4504: DLL loaded at 0x00007FF998E30000: C:\\Windows\\system32\\PhotoMetadataHandler (0x81000 bytes).\n2026-06-29 19:26:25,247 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A6E00000: C:\\Windows\\SYSTEM32\\ntmarta (0x33000 bytes).\n2026-06-29 19:26:25,249 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A57F0000: C:\\Windows\\System32\\CoreMessaging (0xf2000 bytes).\n2026-06-29 19:26:25,250 [root] DEBUG: 4504: DLL loaded at 0x00007FF9A5490000: C:\\Windows\\System32\\CoreUIComponents (0x35e000 bytes).\n2026-06-29 19:26:25,259 [root] DEBUG: 4504: DLL loaded at 0x00007FF99BC00000: C:\\Windows\\SYSTEM32\\textinputframework (0xf9000 bytes).\n2026-06-29 19:26:25,596 [root] DEBUG: 4504: DLL loaded at 0x00007FF9AA490000: C:\\Windows\\System32\\coml2 (0x79000 bytes).\n2026-06-29 19:26:31,433 [root] DEBUG: 756: CreateProcessHandler: Injection info set for new process 2492: C:\\Windows\\system32\\wbem\\wmiprvse.exe, ImageBase: 0x00007FF712FE0000\n2026-06-29 19:26:31,435 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 2492\n2026-06-29 19:26:31,435 [lib.api.process] INFO: Monitor config for process 2492: C:\\2_6me6uj\\dll\\2492.ini\n2026-06-29 19:26:31,690 [root] INFO: Analysis timeout hit, terminating analysis\n2026-06-29 19:26:31,694 [lib.api.process] INFO: Terminate event set for process 3864\n2026-06-29 19:26:31,695 [root] DEBUG: 3864: Terminate Event: Attempting to dump process 3864\n2026-06-29 19:26:31,697 [root] DEBUG: 3864: VerifyCodeSection: Executable code does not match, 0xb620 of 0x30ef9 matching\n2026-06-29 19:26:31,698 [root] DEBUG: 3864: DoProcessDump: Code modification detected, dumping Imagebase at 0x00007FF79A450000.\n2026-06-29 19:26:31,699 [root] DEBUG: 3864: DumpImageInCurrentProcess: Attempting to dump virtual PE image.\n2026-06-29 19:26:31,701 [root] DEBUG: 3864: DumpProcess: Instantiating PeParser with address: 0x00007FF79A450000.\n2026-06-29 19:26:31,702 [root] DEBUG: 3864: DumpProcess: Module entry point VA is 0x00007FF79A468F50.\n2026-06-29 19:26:31,719 [lib.common.results] INFO: Uploading file C:\\hHBMUz\\CAPE\\3864_289873126230262026 to procdump\\6fdb66c7cc6af48318ac063e472999e4271db238038017883c923ca46ee35795; Size is 401920; Max size: 100000000\n2026-06-29 19:26:31,750 [root] DEBUG: 3864: DumpProcess: Module image dump success - dump size 0x62200.\n2026-06-29 19:26:31,774 [root] DEBUG: 3864: Terminate Event: Shutdown complete for process 3864 but failed to inform analyzer.\n2026-06-29 19:26:32,478 [lib.api.process] INFO: 64-bit DLL to inject is C:\\2_6me6uj\\dll\\fOTsOVfP.dll, loader C:\\2_6me6uj\\bin\\oZDbrFhe.exe\n2026-06-29 19:26:32,490 [root] DEBUG: Loader: Injecting process 2492 (thread 1536) with C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:32,492 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-06-29 19:26:32,493 [root] DEBUG: Successfully injected DLL C:\\2_6me6uj\\dll\\fOTsOVfP.dll.\n2026-06-29 19:26:32,496 [lib.api.process] INFO: Injected into 64-bit <Process 2492 WmiPrvSE.exe>\n2026-06-29 19:26:32,512 [root] DEBUG: 2492: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-29 19:26:32,514 [root] DEBUG: 2492: Dropped file limit defaulting to 100.\n2026-06-29 19:26:32,522 [root] DEBUG: 2492: Disabling sleep skipping.\n2026-06-29 19:26:32,524 [root] DEBUG: 2492: YaraInit: Compiled rules loaded from existing file C:\\2_6me6uj\\data\\yara\\capemon.yac\n2026-06-29 19:26:32,551 [root] DEBUG: 2492: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0\n2026-06-29 19:26:32,552 [root] DEBUG: 2492: YaraScan: Scanning 0x00007FF712FE0000, size 0x7dcfe\n2026-06-29 19:26:32,559 [root] DEBUG: 2492: Monitor initialised: 64-bit capemon loaded in process 2492 at 0x00007FF987A90000, thread 1536, image base 0x00007FF712FE0000, stack from 0x0000000E2AD20000-0x0000000E2AD30000\n2026-06-29 19:26:32,560 [root] DEBUG: 2492: Commandline: C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding\n2026-06-29 19:26:32,579 [root] DEBUG: 2492: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress\n2026-06-29 19:26:32,636 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'\n2026-06-29 19:26:32,638 [root] DEBUG: 2492: set_hooks: Unable to hook LockResource\n2026-06-29 19:26:32,649 [root] DEBUG: 2492: Hooked 630 out of 631 functions\n2026-06-29 19:26:32,656 [root] DEBUG: 2492: Syscall hook installed, syscall logging level 1\n2026-06-29 19:26:32,667 [root] DEBUG: 2492: RestoreHeaders: Restored original import table.\n2026-06-29 19:26:32,668 [root] INFO: Loaded monitor into process with pid 2492\n2026-06-29 19:26:32,671 [root] DEBUG: 2492: caller_dispatch: Added region at 0x00007FF712FE0000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF712FF2CD1, thread 1536).\n2026-06-29 19:26:32,672 [root] DEBUG: 2492: YaraScan: Scanning 0x00007FF712FE0000, size 0x7dcfe\n2026-06-29 19:26:32,682 [root] DEBUG: 2492: ProcessImageBase: Main module image at 0x00007FF712FE0000 unmodified (entropy change 0.000000e+00)\n2026-06-29 19:26:32,696 [root] DEBUG: 2492: DLL loaded at 0x00007FF9A6030000: C:\\Windows\\SYSTEM32\\kernel.appcore (0x12000 bytes).\n2026-06-29 19:26:32,699 [root] DEBUG: 2492: DLL loaded at 0x00007FF9A8700000: C:\\Windows\\System32\\bcryptPrimitives (0x83000 bytes).\n2026-06-29 19:26:32,708 [root] DEBUG: 2492: DLL loaded at 0x00007FF9A9600000: C:\\Windows\\System32\\clbcatq (0xa9000 bytes).\n2026-06-29 19:26:32,718 [root] DEBUG: 2492: DLL loaded at 0x00007FF97FC40000: C:\\Windows\\system32\\wbem\\wbemprox (0x11000 bytes).\n2026-06-29 19:26:32,730 [root] DEBUG: 2492: DLL loaded at 0x00007FF97FC20000: C:\\Windows\\system32\\wbem\\wbemsvc (0x14000 bytes).\n2026-06-29 19:26:32,788 [root] DEBUG: 2492: DLL loaded at 0x00007FF99E310000: C:\\Windows\\system32\\wbem\\wmiutils (0x28000 bytes).\n2026-06-29 19:26:36,701 [lib.api.process] INFO: Termination confirmed for process 3864\n2026-06-29 19:26:36,702 [root] INFO: Terminate event set for process 3864\n2026-06-29 19:26:36,702 [lib.api.process] INFO: Terminate event set for process 756\n2026-06-29 19:26:36,703 [root] DEBUG: 756: Terminate Event: Attempting to dump process 756\n2026-06-29 19:26:36,705 [root] DEBUG: 756: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 19:26:36,710 [lib.api.process] INFO: Termination confirmed for process 756\n2026-06-29 19:26:36,711 [root] INFO: Terminate event set for process 756\n2026-06-29 19:26:36,712 [lib.api.process] INFO: Terminate event set for process 4504\n2026-06-29 19:26:36,711 [root] DEBUG: 756: Terminate Event: monitor shutdown complete for process 756\n2026-06-29 19:26:36,713 [root] DEBUG: 4504: Terminate Event: Attempting to dump process 4504\n2026-06-29 19:26:36,716 [root] DEBUG: 4504: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 19:26:36,738 [root] DEBUG: 4504: Terminate Event: Shutdown complete for process 4504 but failed to inform analyzer.\n2026-06-29 19:26:41,721 [lib.api.process] INFO: Termination confirmed for process 4504\n2026-06-29 19:26:41,722 [root] INFO: Terminate event set for process 4504\n2026-06-29 19:26:41,722 [lib.api.process] INFO: Terminate event set for process 2492\n2026-06-29 19:26:41,724 [root] DEBUG: 2492: Terminate Event: Attempting to dump process 2492\n2026-06-29 19:26:41,725 [root] DEBUG: 2492: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-06-29 19:26:41,734 [lib.api.process] INFO: Termination confirmed for process 2492\n2026-06-29 19:26:41,735 [root] INFO: Terminate event set for process 2492\n2026-06-29 19:26:41,735 [root] INFO: Created shutdown mutex\n2026-06-29 19:26:41,735 [root] DEBUG: 2492: Terminate Event: monitor shutdown complete for process 2492\n2026-06-29 19:26:42,737 [root] INFO: Shutting down package\n2026-06-29 19:26:42,738 [root] INFO: Stopping auxiliary modules\n2026-06-29 19:26:42,738 [root] INFO: Stopping auxiliary module: Browser\n2026-06-29 19:26:42,739 [root] INFO: Stopping auxiliary module: Human\n2026-06-29 19:26:43,596 [root] INFO: Stopping auxiliary module: Screenshots\n2026-06-29 19:26:43,597 [root] INFO: Finishing auxiliary modules\n2026-06-29 19:26:43,598 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-06-29 19:26:43,599 [root] WARNING: Folder at path \"C:\\hHBMUz\\debugger\" does not exist, skipping\n2026-06-29 19:26:43,599 [root] WARNING: Folder at path \"C:\\hHBMUz\\tlsdump\" does not exist, skipping\n2026-06-29 19:26:43,601 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "7d59ee13eb739336e4ab9b1193c0bb284de089e72b5d73b44bcd74f4273bed9a",
    "hosts": [
      {
        "ip": "142.251.14.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "beacons.gcp.gvt2.com",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.16.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "172.253.157.95",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "151.101.206.172",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "20.190.159.23",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [
      {
        "domain": "beacons.gcp.gvt2.com",
        "ip": "142.251.14.94"
      }
    ],
    "tcp": [
      {
        "src": "192.168.122.139",
        "sport": 49769,
        "dst": "20.190.159.23",
        "dport": 443,
        "offset": 24,
        "time": 0.0
      },
      {
        "src": "192.168.122.139",
        "sport": 49780,
        "dst": "20.190.159.23",
        "dport": 443,
        "offset": 8770,
        "time": 0.5961651802062988
      },
      {
        "src": "192.168.122.139",
        "sport": 49781,
        "dst": "151.101.206.172",
        "dport": 80,
        "offset": 19318,
        "time": 0.6867580413818359
      },
      {
        "src": "192.168.122.139",
        "sport": 49782,
        "dst": "151.101.206.172",
        "dport": 80,
        "offset": 22066,
        "time": 0.7718520164489746
      },
      {
        "src": "192.168.122.139",
        "sport": 49755,
        "dst": "172.253.157.95",
        "dport": 443,
        "offset": 43946,
        "time": 18.69262409210205
      },
      {
        "src": "192.168.122.139",
        "sport": 49763,
        "dst": "74.125.206.138",
        "dport": 443,
        "offset": 44904,
        "time": 24.672023057937622
      },
      {
        "src": "192.168.122.139",
        "sport": 49754,
        "dst": "142.251.16.94",
        "dport": 443,
        "offset": 50017,
        "time": 24.7210590839386
      },
      {
        "src": "192.168.122.139",
        "sport": 49788,
        "dst": "142.251.14.94",
        "dport": 443,
        "offset": 51741,
        "time": 24.859989166259766
      }
    ],
    "udp": [
      {
        "src": "192.168.122.139",
        "sport": 64545,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 44594,
        "time": 24.655701160430908
      },
      {
        "src": "192.168.122.139",
        "sport": 53987,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 51269,
        "time": 24.80474615097046
      }
    ],
    "icmp": [],
    "http": [],
    "dns": [
      {
        "request": "beacons.gcp.gvt2.com",
        "type": "A",
        "answers": [
          {
            "type": "CNAME",
            "data": "beacons-handoff.gcp.gvt2.com"
          },
          {
            "type": "A",
            "data": "142.251.14.94"
          }
        ],
        "first_seen": 1782761193.991857
      }
    ],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "stealth_network",
      "description": "Network activity detected but not expressed in monitor API logs",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "ip": "142.251.14.94"
        },
        {
          "ip": "142.251.16.94"
        },
        {
          "ip": "172.253.157.95"
        },
        {
          "ip": "151.101.206.172"
        },
        {
          "ip": "20.190.159.23"
        },
        {
          "domain": "beacons.gcp.gvt2.com"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 2649
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 8804
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8829
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8873
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8955
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8962
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8964
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8966
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8968
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3864,
          "cid": 62
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 241
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1859
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1954
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1961
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1963
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1969
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1971
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1973
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1975
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3095
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9293
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3864,
          "cid": 15
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mouse_movement_detect",
      "description": "Checks for mouse movement",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 7
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 52
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 2962
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9327
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9333
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9365
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9367
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9368
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9370
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9372
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9373
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9374
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9376
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9378
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9379
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9380
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9381
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9383
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9385
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9386
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9387
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9389
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9391
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9392
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9393
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9395
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9397
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9398
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9399
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9401
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9403
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9404
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9406
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9408
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9409
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9411
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 9415
        },
        {
          "mouse_movement": "Checks for mouse movement (mouse movement observed in sandbox during sampling)."
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "privilege_elevation_check",
      "description": "Queries process token information to check for Administrator privileges or UAC elevation status",
      "categories": [
        "discovery",
        "privilege_escalation"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 3697
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 4311
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8488
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 129
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 130
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "query_fips_reconnaissance",
      "description": "Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software",
      "categories": [
        "discovery",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3864,
          "cid": 123
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 124
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 127
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 129
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 130
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 96
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 97
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 100
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 102
        },
        {
          "type": "call",
          "pid": 2492,
          "cid": 103
        },
        {
          "behavioral_fips_reconnaissance": [
            "cmd.exe (PID: 3864) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'",
            "WmiPrvSE.exe (PID: 2492) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "WmiPrvSE.exe (PID: 2492) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'",
            "WmiPrvSE.exe (PID: 2492) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "cmd.exe (PID: 3864) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "cmd.exe (PID: 3864) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'",
            "WmiPrvSE.exe (PID: 2492) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'",
            "cmd.exe (PID: 3864) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'",
            "cmd.exe (PID: 3864) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "WmiPrvSE.exe (PID: 2492) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mountpoints_volume_discovery",
      "description": "Queries the mount points and then resolves volume paths to enumerate storage devices",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3864,
          "cid": 215
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 220
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 229
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 231
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 237
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 246
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 248
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 253
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3439
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3440
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3445
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3455
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3509
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3515
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3517
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3522
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8189
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "creates_suspended_process",
      "description": "Creates a process in a suspended state, likely for injection",
      "categories": [
        "injection",
        "process hollowing"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 3864,
          "cid": 633
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "enumerates_running_processes",
      "description": "Enumerates running processes",
      "categories": [
        "discovery"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "process": "System with pid 4"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 101
        },
        {
          "process": "Registry with pid 92"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 102
        },
        {
          "process": "smss.exe with pid 324"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 103
        },
        {
          "process": "csrss.exe with pid 428"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 104
        },
        {
          "process": "wininit.exe with pid 548"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 105
        },
        {
          "process": "services.exe with pid 632"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 106
        },
        {
          "process": "lsass.exe with pid 644"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 107
        },
        {
          "process": "fontdrvhost.exe with pid 744"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 108
        },
        {
          "process": "svchost.exe with pid 756"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 109
        },
        {
          "process": "svchost.exe with pid 872"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 110
        },
        {
          "process": "svchost.exe with pid 1012"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 111
        },
        {
          "process": "svchost.exe with pid 360"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 112
        },
        {
          "process": "svchost.exe with pid 412"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 113
        },
        {
          "process": "svchost.exe with pid 364"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 114
        },
        {
          "process": "svchost.exe with pid 1120"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 115
        },
        {
          "process": "svchost.exe with pid 1276"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 116
        },
        {
          "process": "svchost.exe with pid 1364"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 117
        },
        {
          "process": "svchost.exe with pid 1372"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 118
        },
        {
          "process": "svchost.exe with pid 1388"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 119
        },
        {
          "process": "svchost.exe with pid 1512"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 120
        },
        {
          "process": "spoolsv.exe with pid 1568"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 121
        },
        {
          "process": "svchost.exe with pid 1828"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 122
        },
        {
          "process": "armsvc.exe with pid 1848"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 123
        },
        {
          "process": "svchost.exe with pid 1864"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 124
        },
        {
          "process": "svchost.exe with pid 1872"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 125
        },
        {
          "process": "svchost.exe with pid 1380"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 126
        },
        {
          "process": "svchost.exe with pid 2448"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 127
        },
        {
          "process": "SearchIndexer.exe with pid 3168"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 128
        },
        {
          "process": "svchost.exe with pid 3880"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 129
        },
        {
          "process": "csrss.exe with pid 3308"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 130
        },
        {
          "process": "winlogon.exe with pid 2584"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 131
        },
        {
          "process": "fontdrvhost.exe with pid 2308"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 132
        },
        {
          "process": "dwm.exe with pid 2768"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 133
        },
        {
          "process": "sihost.exe with pid 2260"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 134
        },
        {
          "process": "svchost.exe with pid 4012"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 135
        },
        {
          "process": "taskhostw.exe with pid 3552"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 136
        },
        {
          "process": "pyw.exe with pid 3700"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 137
        },
        {
          "process": "explorer.exe with pid 2892"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 138
        },
        {
          "process": "StartMenuExperienceHost.exe with pid 2132"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 139
        },
        {
          "process": "RuntimeBroker.exe with pid 3980"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 140
        },
        {
          "process": "SearchApp.exe with pid 2232"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 141
        },
        {
          "process": "RuntimeBroker.exe with pid 628"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 142
        },
        {
          "process": "ctfmon.exe with pid 788"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 143
        },
        {
          "process": "chrome.exe with pid 2996"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 144
        },
        {
          "process": "chrome.exe with pid 828"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 145
        },
        {
          "process": "chrome.exe with pid 3964"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 146
        },
        {
          "process": "chrome.exe with pid 3176"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 147
        },
        {
          "process": "chrome.exe with pid 3884"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 148
        },
        {
          "process": "chrome.exe with pid 3556"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 149
        },
        {
          "process": "svchost.exe with pid 3648"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 150
        },
        {
          "process": "dllhost.exe with pid 4172"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 151
        },
        {
          "process": "ApplicationFrameHost.exe with pid 3896"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 152
        },
        {
          "process": "ONENOTEM.EXE with pid 592"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 153
        },
        {
          "process": "svchost.exe with pid 4980"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 154
        },
        {
          "process": "chrome.exe with pid 2924"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 155
        },
        {
          "process": "svchost.exe with pid 3148"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 156
        },
        {
          "process": "TrustedInstaller.exe with pid 2700"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 157
        },
        {
          "process": "TiWorker.exe with pid 1272"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 158
        },
        {
          "process": "MoUsoCoreWorker.exe with pid 2792"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 159
        },
        {
          "process": "sppsvc.exe with pid 1284"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 160
        },
        {
          "process": "SppExtComObj.Exe with pid 4580"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 161
        },
        {
          "process": "svchost.exe with pid 924"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 162
        },
        {
          "process": "taskhostw.exe with pid 348"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 163
        },
        {
          "process": "notepad.exe with pid 2848"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 164
        },
        {
          "process": "svchost.exe with pid 4620"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 165
        },
        {
          "process": "cmd.exe with pid 3864"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 166
        },
        {
          "process": "WmiPrvSE.exe with pid 2164"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 167
        },
        {
          "process": "conhost.exe with pid 4132"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 168
        },
        {
          "process": "mspaint.exe with pid 4504"
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 169
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "process_interest",
      "description": "Expresses interest in specific running processes",
      "categories": [
        "generic"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 101
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 102
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 103
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 104
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 105
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 106
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 107
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 108
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 109
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 110
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 111
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 112
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 113
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 114
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 115
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 116
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 117
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 118
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 119
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 120
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 121
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 122
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 123
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 124
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 125
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 126
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 127
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 128
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 129
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 130
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 131
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 132
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 133
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 134
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 135
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 136
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 137
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 138
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 139
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 140
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 141
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 142
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 143
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 144
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 145
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 146
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 147
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 148
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 149
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 150
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 151
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 152
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 153
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 154
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 155
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 156
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 157
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 158
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 159
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 160
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 161
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 162
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 163
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 164
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 165
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 166
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 167
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 168
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 169
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 170
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 171
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 172
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 173
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 174
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 175
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 176
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 177
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 178
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 179
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 180
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 181
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 182
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 183
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 184
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 185
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 186
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 187
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 188
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 189
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 190
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 191
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 192
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 193
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 194
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 195
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 196
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 197
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 198
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 199
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 200
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 201
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 202
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 203
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 204
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 205
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 206
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 207
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 208
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 209
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 210
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 211
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 212
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 213
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 214
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 215
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 216
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 217
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 218
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 219
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 220
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 221
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 222
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 223
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 224
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 225
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 226
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 227
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 228
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 229
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 230
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 231
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 232
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 234
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 235
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 237
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 238
        },
        {
          "process": "mspaint.exe"
        },
        {
          "process": "cmd.exe"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "discover_registry_mount_points",
      "description": "Queries registry mount points to identify historical or connected removable/network drives",
      "categories": [
        "discovery",
        "ransomware",
        "wiper"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-100000000000}\\Data"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-10e008000000}\\Generation"
        },
        {
          "mount_point_key": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{e1e1ae7a-0000-0000-0000-300300000000}\\Data"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "hardware_id_profiling",
      "description": "Queries the Volume Serial Number or Physical Hardware ID, possibly for anti-sandbox, victim profiling or environmental keying",
      "categories": [
        "evasion",
        "recon",
        "anti-sandbox"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4504,
          "cid": 1493
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 1498
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3188
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 3304
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8589
        },
        {
          "type": "call",
          "pid": 4504,
          "cid": 8597
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "process_creation_suspicious_location",
      "description": "Created a process from a suspicious location",
      "categories": [
        "execution"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg"
        },
        {
          "command": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\0001.jpg\" "
        },
        {
          "type": "call",
          "pid": 3864,
          "cid": 89
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 9.9,
  "ttps": [
    {
      "signature": "stealth_network",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mouse_movement_detect",
      "ttps": [
        "T1497"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "hardware_id_profiling",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "E1082",
        "E1480.001"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "privilege_elevation_check",
      "ttps": [
        "T1033",
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "query_fips_reconnaissance",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mountpoints_volume_discovery",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "process_creation_suspicious_location",
      "ttps": [
        "T1106"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "creates_suspended_process",
      "ttps": [
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "enumerates_running_processes",
      "ttps": [
        "T1057"
      ],
      "mbcs": [
        "OB0007"
      ]
    },
    {
      "signature": "process_interest",
      "ttps": [
        "T1057"
      ],
      "mbcs": [
        "OB0007"
      ]
    },
    {
      "signature": "discover_registry_mount_points",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    }
  ],
  "malstatus": null
}